last executing test programs: 5.994932242s ago: executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[], 0x0) 5.398298009s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) syz_emit_ethernet(0x8a, &(0x7f0000000500)={@local, @multicast, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "dd69bf", 0x54, 0x2b, 0x0, @local, @local, {[@dstopts={0x3c, 0x0, '\x00', [@jumbo]}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8100}}}}}}}, 0x0) 5.346586828s ago: executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) request_key(0x0, 0x0, 0x0, 0xfffffffffffffffc) socket$inet6(0xa, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f0000000000)="170000000200010000ffbe8c5ee17688a20033000202000aff3f000057fce46d0a00d65ad90200bb6a880000d6c8db0000dba67e06020000e28900000a00df01800a000000fc0607bdff59100ac45761547ae81f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dfc060115003901000000000000ea000000000000000062068f5ee50ce5af9b1c568311ffff02ff030000ba000840024f0298e9e90539062a80e605007f71174aa951f3c63e5a1b47b6", 0xb8) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@random="9b43a409aa81", @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @broadcast}, @echo_reply={0xe0}}}}}, 0x0) 5.313699213s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x248, &(0x7f0000000980)={[{@test_dummy_encryption}, {@resgid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x8}}, {@mblk_io_submit}, {@usrjquota}, {@nodelalloc}, {@errors_remount}, {@data_journal}]}, 0xfd, 0x4a1, &(0x7f00000004c0)="$eJzs3M1rHOUfAPDvzG7SX1+TX60vrdVGq1h8SZq0akGhKggeFAQ91JPEJC21aSNNBFuKjVLqRdCCdxG8CP4FPXkS9SR41bsUivTS6mllsrPrJtndbLPJbl4+H5juPJln9vl+d2Z2nplnpwFsWgPZP0nEjoj4PSL6IiJdWGFr+eXOrUtjf9+6NJZEqfTWX0m2Wty+dWmsUjXJX7eXC8XsjdIrSbxUp93pCxfPjE5OTpzPy0MzZz8Ymr5w8ZnTZ0dPTZyaODdy7NjRI8PPPzfy7IrkmcV0e9/HU/v3vvbOtTfGTlx77+fvk5qga/No0wt91dnrg0mDSo+vUGNrxc6a+aTYuF5pSyeioVXZ5sg2V8/c8d8XhSu7qsv64tVPuxocsKpKpVJppPHi2RKwgSXR7QiA7qic6LPr38rUoa7HmnDz5fIFUJb3nXwqLymW74NsKV8b7Vyl9gci4sTsP19nU9z1fYieVYoKANjIfsj6P0/X6/+lcV9NvV352FB/RPw/InZHxD0RsSci7o2Yq3t/RDxQv5mBdxu0P7CgvLj/k95YfnZLy/p/L+ZjW/P7f9VRsP5CXto5l39PcvL05MTh/DM5FD1bsvJw3XdPImaz19++aNR+bf8vm7L2K33BPI4bxePz1xkfnRltO/HczU8i9hXr5Z9E8b8sYm9E7FtmG6ef/G7//L8UqnNL599Ek3GmVpW+iXiivP1nY0H+FUnz8cmh/8XkxOGhyl6x2C+/Xn2zUfvl/NNonv/W9hNtINv+2+rt/8er+fcnteO104veonepNq7+8VnDa5qW9v8FY4bZ/t+bvD2v8Y9GZ2bOD0f0Jq8v/nvNDe5KuVI/y//QwfrH/+58nSz/ByMi24kfioiHI+JAHvsjEfFoRBxskv9Przz2fsP8D7Sx/6+ALP/xut9/jbb/3c8Uzvx4vVH7rW3/o5XCXFCtfP+1GmA7nx0AAACsF2lE7IgkHazOp+ngYPn38ntiWzo5NT3z1MmpD8+Nl58R6I+etHKnq6/mfuhwfm+4Uh7Jy5fz8pH8vvFXha1z5cGxqcnxbicPm9z2Bsd/5s9Ct6MDVt0KjKMB69TSx3/akTiAzlv++V/PAda7JY5iJ3/YwJzFYfOqd/xfri0kUf6VPLDhOP/D5lU9/r9soXLN414LH94E1p9m5/9SXwcDATpO/x82pXae618TM/FtRPM6yVoJ9a5mPm9n9eLiRWmscISRdvHz6e3KRhkpRHRxlyi2+r9axIXS5bYb7fY3EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMr4NwAA//85MuVZ") mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]}) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.sched_load_balance\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f00000000c0), 0x12) 5.131812693s ago: executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1fd2, 0x6007, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000a00)={0x24, 0x0, 0x0, &(0x7f0000000940)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "2c98d613"}]}}, 0x0}, 0x0) 3.957620674s ago: executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) pipe2$9p(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000001000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) setreuid(0x0, 0x0) 3.875263148s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) 3.853292871s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x120, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xeb, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@response={0x2, 0x0, 0x0, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0) recvfrom(r3, 0x0, 0x0, 0x0, 0x0, 0x0) 3.589457344s ago: executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000047000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b7030000000000f7850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000580)='ext4_mb_release_inode_pa\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='ext4_mb_release_inode_pa\x00', r2}, 0x10) write$cgroup_subtree(r0, 0x0, 0x32600) 3.575372936s ago: executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298900000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24490a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1fcff7a1ef3282837771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969cc1595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d400000000000004011c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0890700eef552fcde2981f48c482bde8a168c3f5db2eaa6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000100000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed90868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c83ae45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422636f949e2ab8f162d7e3f855e378f4a1f40bc96fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df775e411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8605000000000000003fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373eaea36546791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf00000000f3ffffffffffff12a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca0000000000000000000090044ed83fec890f693d54e1c0adf7b3fe6cfcf3b9873cecd116826f1be38a8d61d866516197c199d5a3721a378de95d5c25b3887a271db57518e630dd132a518a3b2490b3a9ac177d286502aa73eb67275de3523ce65e50b67a3820faaab5e7b22850c8265b44085a0d2d3c734712591007e15d7f0b2cd7eb796e8f4318d2eb8343c5176056000000000000000000000007444a9a2b71016c9cf336078fa3fcfbdf4dcfc2f5acc09ad13dda373957ab7ed731565049f1d18bcba118079dc5307fa972f19cdf463cbf159985aeb0d92fceb4d62956f6de3f2a416a74"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) ioctl$FS_IOC_RESVSP(r1, 0x40305829, &(0x7f0000000300)={0x1100, 0x0, 0x0, 0x10000}) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000080)) 3.299605271s ago: executing program 4: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = dup(r2) fgetxattr(r3, &(0x7f0000000180)=@known='system.sockprotoname\x00', 0x0, 0x0) 3.236718842s ago: executing program 4: r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r1, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) 3.227806703s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r2, 0x400, 0x0) open(&(0x7f0000000940)='./file1\x00', 0x300, 0x0) 3.219490635s ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x80) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r2}, 0x10) r3 = socket(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000ac0)=@newqdisc={0x50, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{}, [@TCA_NETEM_DELAY_DIST={0x4, 0xd}]}}}]}, 0x50}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r7, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r7, &(0x7f0000004200)={0x50, 0x0, r8, {0x7, 0x1f, 0x0, 0xeea390}}, 0x50) syz_fuse_handle_req(r7, &(0x7f00000066c0)="a062030607792c01386f28a428828947de99f79cc542703d923c7cb9d4e1f6fd95fbf2f747ab32f6fb041861fb3f87a88cb85405b4e73c0b6b12c81e42a9f13d82c32b7ddb172bcba1aac5c38f083747ac179f08d4d6d342a87ba8dd9bb7a9680f27433c3357b4f6ac97b19a973592f1ac6e7853a0b15ba42a28efb9cc30b146346b546018966e94976ca28f26a1950dd64c0adbb0c2e09bbd9caa9e7886a2b3d6e2b6d6616b718f1322ea2881ca59ef73948b1bcdc2dd3970e63cbc1043ce42af0ea1f95d17268cbc3ef062c8c31a537e94a20c1c505a6022d5ece7f51bd9c754d8c47cbe80bbb30b2159991a94dd3a25e64aff8a7a17374b5a71e0c7c241cbfd7f084e18a50bea512ada902210a3881ffcd42071ab09c4d80139d8980d6dc5d12c2595ced445caf22f80d8fb1a4c243da47fadb8e28e9c04fea820a8a2f032f5adff8b7d9269e63db68d196bf7f416405e52b6b8abd8bb9d9694b8b5eddae348209963738cd9710bd6c291af1c8eaf0e52d2f2f24bef8c8bc9f77eed40104e07c8ee1b4cb358fc73e2653fef6232b5e9f5d0be26b91a0b7967ed5e3bf10c449424ff4d11951d963677001d9576425d6a9c4503268a407d74854f5e1caacc0ccc463dc56e684db1d80b370da238915579ab82cdbd7d155adf10b96ed71100ea92834e8a4e4f5b7b831bff6fb4febe01bb398ea4065446f277f107aa3cc06e0b7a6e98434bf57744ba9ecb8effe704d7f852e16bc33ac113649f7540b7a7a67cf5493b400ce06e571d485af1732938b79ded4de7dad97a7e1c0be7bd479dc264647bb76503168423e3f6fc95f8ac8ea35e39f476ab54e88286fcf73eead1f794784465592fe4ad112ac63bbc3b3f35b87c40bc5fa6e3ca6cad878f9772a61a23aa00491a9e2442eb90a32af2bd74e99d075bcda20288bfc30f3b00a7e8e1a0b4791573abd65284bbb53e2b7d667239b95b332dd423e4d7c512de559bd53fde5285add9795bda81ec142620e693af9c787a4499dd76ca0d77d9c7c4043e537ec6c1cd0b9a642b12adc782a0e00f6c1ed7379d5fff4c2feb19182db977f657b195e4710ff00f78e35a146119897495b0e1a0068a6606292ee72bf65adcd2cd29b4e59a4b3f82eac77d5254013d03d2fb2511975558906741912d09304f0d4cf08c8f62690c67968c869f75a4025224d8e84baf7a42e01b4ecf7e55d7c45839778c2266880d1bb73e3aad618d1a4f8d5a16914d64d70438a88512649fd4caa90506e5a2d58a33ecaebc9b2e5f8a4fbeca57c829ae02fd2dc146e939c3d295ada7df4a07e74b356c6ffd7a9c546b9eddf7e013cbcb2b57ae0d225249f7e06a415681d9f597a060fd55e39bd56f04b863efeca458a0cbc54b660db50ca40d27a3fda3416860e691cfc780593f06b467700968bb918c32547e378b14b4e0dcd11cb0b2fb36ea70946ac62290184b4eed38b51c322a75367b50f558e063bf363341a17c28ddcbf9ce53da06f26303fd156423a25f686809bc9845a78e0cc3d94e04bc8da85f22a4a8ece2c4ac2c79e54dcc4eabc61e067060ad880377a71fe0c2c0305256e4f3c637575f086e4ae3d7ab5d106fde03d24c47dccba3da23a244c1f50a4f60cd8d71b77390c5ce6d5612fd0260a2f33389b064ae6acac783eca62874232fd3808fb2188151a43de6cebc7e245106183f7d929f1eeff6f972da3e3d967170247925fb0f04bf38e88d06321f9ff9d2c296553d842b69036a2b6de2aad3879aedee723ff00736f7b0dffe6182104105ff0f0b636f5192d6bb5ae7ef950825827d2f3d6285d83aedca3f31474e0ad50ce6290a0e546c30d900e5b4208ecc8b3aca0ba3d110fc3c0a7e004a53e5d0ba1cc1c2bb42c3dbcbb4ceb6674151932ae56f6b03cc34ce450c292fecd2456ddcf42b075e6fd49305fbf265a36f3cff61321dd60f16e844089d659130947672a2d059e04af9ef653e8afec926b5a5d411f60a2a435437095a1df8dc60a616bd1a1ce7b5251ed8f905becffebd635eee8ff0055c40f146f1350a406b853ecb005c6ede4dc270ce6751cff915aa27f5f6b0736da14c9949de599d57868c29cc97ad03bd89502a34b88ad29c8762d0dc24a6df759821882a32e70531cab51fa1752a4fc49cf0706cb24d203174b2940f29ef8b0ce65b40cfde4e0c7310c685cc8de8384e485a951192fa8c36c11f9b88a48caf027dca480caa4fccae70ea6c837eb82f926ad7691c7709f217220d71f6e374fb8522a84c118b5c25f3d56acfb25afbe676fc9e574b6c5a59c00a0bbeeff61fd82a1677f3da9bb596133db491a8f11b945d930c8a67de9ce80025c764d518efcbae25d9194dc96c31ed02c63b1ac976715f7233ffed7cb6e929bbb5afabd34bc37c095acd0abbbdb1ea48e40a30ac99550f0ccca19ecef5acb2604c48fffb53b352d114fac72d6fc019ddec558406668f773fed9476148133c0f9ca4d1fd7e70dd04bfa089dc57e5940f29a5fd33dc79913ff48853794fdaf891d71de94c4a4fed0544e09f2bd578b07003031b8602f08ca8a79fa5ebfd5477f4d4f031c3efe0db273446a99d0cbe21a3cf43f3b82774e4657bb4f9675adbaf71c52953f0b18a61e05a9c770536fbad215848f8238e8730b9085189ea4621780dac500d7d7dc7815b45e232f86592498f1515ac8c50306013524cc5f0a74b67bc85d435d332ce69f00641c86a3e91be84b78ac358f35b18d69679df4197d3be8554417cf44aee6dc623f68ce3388df18168efa1c87c776cbda792f6110b6af178eb8200a91dfb72c1e23b5e5a66b5a3ee3f4c2bba2ccac939dcb036006b86e894093922a95fd70baba9424a3d0327a0f209fe10b39f3cec3f669d301a2834e58fd56f94d622dccf653f08e776c9f3e1b0e5b3cdef133834b93c41c70438d51a0b127262868d49ca91623c3d8b75c2cce0b771b9ac941bb96029e782224a3686a7c0dd164e162ede667e0e5817e7bde85ad3bf30a6a5bdc420f751679be74a02f84aa93b971c3f45a67d155f7ecb1d5284660918dbf102bc16f496fb62a1290e6b88ddaff55740583cba13076afd623276634e0c11663be50766980949095003ef5bc6f90a98bbad436b67928513e70115224f672ca2a24e27bb98bd5288c49ea23d47ef13c5ff28c43ce53ca16a6caeccc1f601226253c4a38a88a93828f6c800547cadbaa6d7ad26db618cccd38a671507cad5ba0065ce2edba81a059b95c36c5d04ab456fd6fd81ec3738ebe546d973c0886a5e7b83dd9c2f58f5d6c19519e67575b3732a486555f8d8c4ae004a62e8d07ab2c8ef74cdb96aa99d75aeb1c25985996f281d71106910a3c3da17de35e04dbe00e2b7b75ec2fed177a7f2d04fbf68bd0b8af682b30911867d4d1497ba060b662f4e97a8e7fd3613015cc34302377497cd08bcdc29f06dae240820d2ccddbf8c95c76a4ba5d3e1b37a62369ce3f79fb74ebd9bc82c3fa3edad4034b6715c2853fa7781c974b5a4e541e8b69bf4bd653fcce4e4340d9409fe9112e4d253a3b7e9d43f4426127b10f2d5d3fcd2193490f7d933e0cc53dae552f2d7c9d77b8f9b27c59105cfae43a0aab314a0820fbb5684bf20986e3be215688b42938d272c4c0edd17bcdc84a514d2483456d6cfb4f5c1218859ee55bfc77da36c9c75734932a12fd03df38232063ed92024f8ee7c21f314129feb10670bb4d6a0ad4fb3dc57a64cfe6509a0770650cdec0efd5e0b1fd29433cf871c9ddbe648319bd481357326ac1eb32b4bef4ad89ab6122e92dc786decac88624a4a3963ae771f8023b9a92e446114764c53d7efc07e3ea77a9daac5cabbe648a223e249db62102ef7b7b6d06df46b6ff913911b89848a47aecc0563fb06b6d77fe1daf4541cf619105ab68e0bcdf7a05af22b0551323bf33dec8167df2b7fac62dc9e286dd3462f488c82ad194f7fd5d3ca72fe9c0c37cdb6d75684326e5cb30319ab333fc70bb197320acda161d2e685e78ac2cb1417223f64742b12a316d590b18a4173b2a105a381baf6f383ec2e81d04860b5cc536475d7c5d05bd6a7db1a5d93930bacba8c1de63707bd24785e19fc1f15ba724660ac00d0f2ebbcd5528b8cbe4f3ca332e8611e937a310fc79d234be6c1cd09d6a5cb06ab36a9d667188144c81f86aaf0851763573b36cc21462ba4f3d6e95d38d1e9b943085661d234ef6d079bc9d84c7447c85baba88263451ba10559e1ce326fee5074b26b54872e690a9a1e589e1c444daa3224b292bf9ec4a604dc512760084084f27386c89a1190b8905f0d720508c0ed69272f396725805480188aa4602a26e833c16aa5079c0577a8203ec0b2b929ef3b410bb427c168b7fefd1be652f06efc61c7a295a5d07a9fd61bd5bfe67ac5f74e485a66c92950a1b460257084ca3a3489943ad450300967234b487fa3def4010f9b715196562ebb0846b7ac3eba47646af6285582b4402f64aa684dff7d9cf81fbe1aa88959f7906f06839389f2ad56efb5029afe1d5ceac99a3e698f49ff0da7db06d7c9e94a8773a13fab93def139667b4dc6b741bd2769da7786acecbe315f9006bb6b72abe5bdc587d8d5aa8f67aaefef68197fd2e7874d9b7da2c3a5618720c12e8fc31db3e334c47abcbf10c6181ec14af4f9e90e19a35360a793b1e9b336e49b3ed67568a860cd4c298f967ba323d315821959629e5b7aaac367e1ddb8a1c5d61500afa69331a4c90861852f533657b28b97a343bc531a11ff634b157a6d859a35f0d2a595375e11a32457575f1d73da033bf5eeda12337b9fdd46bce192d3aaaa240a8c65bf47704d6aa64a9531f9de14a96fc9fe380db35dd5ec52321c67fb4c18abcaf22fbe8f602ed201232251317e1a1b71e1e2c924a92d84685de348eec97fed954b7f6681ddf521b4ee03a1aeb2e446ee2a7f4dfa37b1c53831139fc624c14dcc4d144ccdf758fd9f344b4cdc1df70f6a24fa78cab136c912d1ebffa7053ccbc9b9445762236dca409820f738370117d5c369dfc50fd42277f14eeaf29110aedcd503008c42914d04e219a8b6c01e337d04724919b07157e2275ba6365a9dba5ebc8019bd1aa1b8668023f64cf47e1b49b4fbcfc10d560bb74405c90751504db8100d8a8a1a3ff84d98f1262fbbd6b962f492b9531a7411c08e7e56eb0f838075f754b6a395b6b58a8e4c47eb46bfaba2ac94800a396749d18ba0e6219f8d616ec71a1e60b3bcc24e19d4a20ddbc6a871e6d7efa50a362610598d892a5adecbcfe217534deee3620dfc88c7992ec2e710e083ef0a50c20621405f654804d1af4f24d22b8ca48f26303e6969127a74f0b276a5624c3b84410d4d5ee3c62605876e60a88df2bd6e8db8c7e486fdb452178563e7add6bc126b721b9ef8b12181989b87031573a4010d88e34f15a2344e4808b74c99ad68f0c2aca4e8d504397c03e1328c4b1ec43fd902d206c3cfb63d7541ac57fdbc70b0033f87514286101231fe7e79668c802e1c23d61540cdf13a5e675b736e221ddc29ab747d9c64f6213f51d3c1ded2e2b0efc4e45183d90468f61ec1720f7a0b87947e2c54125cebe6563ee4415d886bbe869d17d36371c942c11db1e13c1dd40ed24cabaf7ee80eae6c4db934e982d9619d753dcd679c5650cd95d21582e31b259043a0d03371cd294f4cc028042c75070c9b534a2d79f164ab9d773295795280d1584ca664b53b263fe2e23534d27b0d85742fae8061e03187795129dd272041c6eb9c10c3406da1f752f4ca697bdbddd74975cd4dbba5687fb30ac4fd5d2579494eac73053a63821a852cf41a80f6668006f7e1c4e30b48d638ebab470c558d42baeed1adc8fc71f73e95f3ca212a4b009b508e89898727f805685e4e7650a2961d62c117d1ee9017236a6bffa0c36ae11bc52d346c83399e43c42cdb9f443aa307109a97ee66ceb7a29eeb2f1a2bb3ee1492229116db07301b2aa4126aee7775daa2d0eab4d206fae11b3c6b565dcc4c7b4dd1cf2abec81150d0629803f6eb221be384b8772fe6d6c4fa98c928a9d0a02e9ff8bb7a2168dbebe140323d93bee8983c496bccf752c372b795a3493624cefb3cfeb4307bd39826cac1ea3f18912deef1b8c8db30bc016990a477bc0a925fb36453a9e21354b2d7e6e3d4ca4dd20f27a8db05429d44b7a485365191dc4ba977a815958faf6434813a9f4046054763dd55dbb7fae892b746e169ae046ae3361a9f75cf622b03f75b1633da864395bd1c3a594fab0b1fb37f088dd1f2776e2b795c78635c2026a8ce7ff40968a1960786049a217dd8872ac0c01f4bafcf2d3d751dd46a5e1bec00540a9ca7afca3ef37575d4a8b1291d05be94913092890a9b4bfff39edbff307e5654896e79228777c0f8ea46c55bfe19e522bf457ab4e6b0167d776dbcd0160598370a12c4a03e4edc82b245a7608797b03d4ed89dfc2a5bf07b9fcb251fb8608553f3b3774818717a9aabe6b2ded811515ba454b390a6065bbc59552f3bfe51d38f139792e1aae60093a7c5770b52a1730feb1049c14a7d5261d644f6b738e22ee72aafa422bd93f61e1ccac0a5ef4726c66f61bb539acb937bd63da82c700c0860be90ce5621ced22b52b63d041266fc258fbfa6641aef22e97804e5138ad2ce4405eaf76bb0acd7fc61b2d6de4aabc5c28a850fcf219cff77c97d3cb6bec0067c171b912d11d82c56cbad56c0032a9657d4cdd1eacaca53f40f5e3fe911127e1cd30781351f180e1413933cee2d46ca0eea31ee01fe4e99a567edd0b10565d47b87c8a48366143e889e52d0ff13c920aea092c2545fa9b7056204fec156549d3c0a997bc1cf4a01338483bf5c69d6958ae038f1c3e3b84baeb2c1f9e064c0750602c34c6c483c316391d975f94f21f6dfe74e92c33228b408a9e2b9abcda33c497abba9c48a63e5c8f1a8d0f4c24d36a44e1601e8a09e8a5c7179bd4c44b17e542dd99cace87aab60a5e53325d544c991b6fa5deffa49fd886332980deeca9229cb2f67f495a7b743153854ed81e1623b12dbd65512d08a5732fee2db3fb455cf6df5a1701a2b8674633c6792162dc86ac76e30da225b0167a7e704ad33ba694f9c902afbeed58eef609874767053f59414d4d3eccbbcdbc7eba997c71f9b1f5139bb020d5dae1db6e2dcfbb51b5371b08bdbc3312b05ee6d8c03c8b5a7d4f23da45f276394f222b1a0bdf4e2603243cdba60ee0530387c88bb457ca9932f2283a4d55bb1195e6d325ed93f714e21908b1baafa467f1cec7fa26e5c384ee6828e77978bd1abd014de549a5e5966f2b2f4ba000f9d77f1abfe3a6c337cdb852c1ec59f61b63d543f3062dd2616a163ed7ca60168b0347b5c5646a678dafb4c502c333a0a48f0341b47f5c5946e42e571db0bfa0682a449ca64e71b5661a842975182399245c6de241512c67ac918d7e0c5cb66565010e881b8333567ca584321ead1c383b099d8bf1c56dac08cb218cde4226ad420d6d6313f9c4884d6394722304fdaa76e61db8c0d54eb1151344c41ce1130272928eecb2f9f0f23c752622374eb1223a80efcf0b937dff7d813d7be0340226c0a7b163741d9aecafcb7ddae5a219323323f621c802be82399e06d2e1cc582e759ffa303c5103f8a44d7129d2853b02e506abda57ad2836d7ff16f95232149fbeb8b62e586d3536bb4ae042ecd9e25d1dee789353071f9c89d4361000c47b763556e8902f1f25cbd8ae71679e03ff27db0ec75eeee3fccafc7fcf22c377ac60d3c61a43cb53abf6162118f2efc86a5ce80e69a02bc1db80018beeef6d567941232e4412a958ed012bf7a832c1eaf68134ecabc4927ad666b3d0f21d4e8d52fa37e0a9751124efed8bf47544299138a6f69d89e295677f12606c79b72451c263fca3eec22bf0c47c641159a0bbfb3b2b03154af533e5c06a149e52adcfae31bfc55f30064a8903c8d3b828d275a937b1e4adffa0597da5e253b50bd71b33f057ffeff0b2a0829b3bf33350fbe67c7c79034f80d69e6a21be495a848d328f416f15966491b218eab390544e39d498258ad80ddae248634c845cbe6f1c1e93e7c2b02075411e075fe936bcc75f4a4e1a3687cb3dbbb61cb31ddfbbc87a1859b3a48fccdd8e5915c8bf4eebe8f7093cef6a7a91c8682915f9908c854c483e90c9643467292884d284134dbaddafdbc74d94a5f9713719d62b4f6b4236803d210181847ca27129fde264156895f4e1822ef78a3b215ef56d7e36d2b94c93f5e931a0d13a3a3030061ce62de595eecf47eae6bf698530145757700df18f66fd7261a12c119d6679663b3c0f99d1705aebe66dc862eb21ccb7360b93f54507149b577abf521113991e06f345e8282fdc18de673e1ca7b188ee34b14f37f86ddcf97fef0b913c33cf8e5d5d33707dbcdbe4b27cef056670252f186735cdd02f6ed6bfe5318a704f00e34ffc4fda9855bf37c51be6a7423e44dd8a98883c8fa82ca37c90d681fb7a0db915576b50e49aff545b99aa3aa6343b814ba0bf64e53b2a1edcae2231bf20d65e4bb4da6dc8382120ede652adfb7c30a46e0ee784cbde74563d83eb8d89a1573fa104fddca9d4833c49dc904bda905426c7dee3e48b596c8ee201bea57fedb1a0649457eaac3c5b5f4519af3adb66f10b861e711cd4034448890e15047c2f8902588268b5645051f3f3968ed8d630e050ccef0d01b61ffeade51e4e72d8fd46bba4c20009396e984c424d174934a67a1930665fbea04c809e7cda0a2cdfd3a14d6b99c3a8d8b3691825830456876f188ff871fc861e4c6a0ca377dc1f0cb0f929f7eb1f5da045d9a588a393312acacca5c5a3b15bb1b488b08fc40ad65ae2c1df187eccd8377525a81d80df57579ae52f775fb2efdd172a41c370300fcc594c2635dcf50e9eb9d34fa8b4bbfd13078422e3a7734a8ae6cc09e39d07c7ee19838f8da4cbafe4162c8f8dc44e284840bd0a5c80bfc657c22e37e0d9a96dda34a51ce616c9ccdc95955cf85d93860da902ab30f11aa333eacc25c47981d8636038761ed4d84fcbb0ca92dd2e07863b9505b451c3c49e36a172527578123049ff2dc2b4e258a3f698a12ca4705a6fd0ce6bc4f1767b4d9c2e57c9ed1388527964ac96ff5e4cf5ad6fdb6a853b43905df32af8bd788b520fd526cbb95195a1bc00d654cb080acdf67938517a6cdac741d86730358be16465b4e1301f47f6a444c4e8d2980b8bd98a8dcd6617cde0b287e2d1f59167b5c445146fa49728111b8a2729428cabd02facb8fbddbdb2769680f288648d6baac53e0d909335da3e2b4c13ebd41f32820c9f491e9124ca444a0532f60e2816e15a5810baa91f64454aa355f9d362c7d1a461561689d08b1350a216b6f1bda57aae0706b3710a1b8e52a7e3084e600b5ee3dc540bba0c16267d549304a7840659a32e40070715c9bb912792d4a7b84fa06e73b9ddbc2f06c4edc19d25f5a198c7e3fc6226842e6215da5d826fcf5949612889f78e9de39d4e64b86b7033b5717a21f8f2b81c799a3fc0bfe6f5837b252eefa360c91a6148296bd19d50a343d909c1edf5261e70c8dfb2c488940cf236941ad3fd01247e37902a4bbfdd1839f7c92c260a2c494022fac08629303c8e54108d78ae2c94289c7f998ba3b622b48931ee7c17c59f5499d282467a1b8050acc94a0b17b21836c80b69f519b9b077d18e33c027faad562fa09f2cc6120f8cf5ee18cf7db9d729ffbb9de58885713215b7aebb8c98d9fa009be0a9ef3ceccdb2b31968db555b26c5c94e382d06ebf6d356e8caa85def5813dd1596d823924c4fb63dba5bd094cb64f204d1e59d31287715f831a1f0be95d8749f2166ba0b0b6b64a37991be1fe1c1e922835f2da0c074ec9413561d52166576b1c4f1e18f078dc046d1c284964b80217b55c59a474740c3649116b33e927479736bff6005859c7c00598f22cb8eca38af802f4c86836e8330492ac7ef3707890a8ff856dc7786ed769bba75b18484b257b3b022eeb51aa720639f79e6e6bd3d3c9a61f7822abe562867b4693f0b2f61135aaeaa510b31112efeec48d2602c6d4f2ddeeb51bb03ab18c18d8e127a37e22881febca47742b9332d3f2251003b1a46c40eca111d02446466b669568c70971bd33254ca577777f126f86f8a3665f065b645ff261e78e0f532e83a81b99c5de3488de74ca82daa0e4e7404eff911ae955acbb800f9f91b774e472bc14aa92817b6d85877b1861a6ca92c03c83b6f1490068bad8eab1f58c9e91e1029683de2ca45c99966966031ee86d8c9995f0612480e2a6d5396e8ae361d6fd2e24557613a1191f5019d4c8078628013512ea3a59532efffa6cfe4970d28d8c7aa8c866c4275ff2b0b4ef1a7e56854d7ee4bc445713da9349d13e30a4a802cb9db2f10280fd9ea043b5b3480441e8ed2d907eae1259befba9d87a04ce42b0010c70af157b90e0bf72549852fd122edd6cf3475f76852b13b4bf887cf32e25ad34aed7fd5a6e97b307f9b4ff1c07b2b55beef5ef3dd96eeb2a57720c18209d911a55341cee67e6ff577f7acaba01c2c9690b15a3b8aaa5b9d734196467a8c074b2eeeb5ae931ddf3deb15b1a8d603e72125c2e68ad206f2c4252a659f8248ff882a8e54126ebc0c77a46101072272460e683d465279a3695be6b64c9eeb4a576d95fd520be42eab5c95cbace0dfd80e2d67bab9f683a1cc9c006c02f0f90a21a0f51218c628f5608fbf1abc79aa63452bde1002383033578f32980e3779a8edeb226f6d3f9b36d8f07bddd7479b60346a4b4fa883940e3aef8ad8d834dad4405960a4409a6255e8753d0c0ad0960ff3ef48ce93fbe6b165e86eab36fccb8b989f5b54e6ccaa19749ff065a0a732d15c41b9072bbc6f07e1fd5a3df2775874e46b61ed50714e8c403fbed6884ec06f52ab71d2c191fcc56ac0b17ba3c46d2dab3e11c79383bd8867ff14b5fbca73b9ae594b6a09fb73a2e8f15aee59150e8d6d3dad9659025d045bbd1b9ca257c67bb78abe8f7eb9c8b3bc32951c41f7390bacc8c7059a2a9b078ab50413605aec604e4666a6ace765b0e7ab558fe6232f2703d07811e3d0ac5bf9434e87876e99250ee9db6527a8ccb4a3ee3bde738563c9746f941cf2cd7efacdbd2593cafdbe5171864b2982b54dc5a32c86638c0e650a331625033b8dd65851965ae791880349d5cd52548f4422a317f96ed79e7ccf3bd671e6dc70365f521c65206386eb1f99570a544d11b3d36fea285f8a3770ca303a965a0c1d598ebe3696e647be734ccf760d3d47dec75e236d7ac08019b6622a7b9f08bc8f0937ab75e75a047a7386befbd56fc4b2f89c852dadce8df946cb3fafe4eed2678caadf1a913ae32b2c0b8a37984cb700343c5e24609f8c5ddeff5e653837a9332a41c8e21466a13d79224125d5f6a4fef79b5adae7f4ab7d351c55400545edd3c00637bd27164828925e9bb5d79f1f1e6eb3270ab799ae38772f779565d92c47503de695f7aad7ddacda6f6c71e755b3737231b64715bf07849d3466e4f92239f733436ce674389bd16900", 0x2000, &(0x7f0000008b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x90, 0x0, 0x0, {0x100000000404, 0x0, 0xc, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000}}}, 0x0, 0x0, 0x0, 0x0}) readlink(&(0x7f0000000040)='./file0/file0/file0/file0/file0\x00', &(0x7f0000000080)=""/167, 0xa7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000580)='mm_page_alloc\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000380)='ext4_mballoc_prealloc\x00'}, 0x10) 2.934197041s ago: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() bpf$MAP_CREATE(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x8, 0x0, 0x0}, 0x90) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000640)=@bpf_ext={0x1c, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="180100002020702500000000002020207b1a01ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540), 0x10, 0x0, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000600)=[{0x0, 0x0, 0x0, 0x5}], 0x10, 0x8001}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x1b, &(0x7f0000000340)=ANY=[@ANYBLOB="05000000000000009500000000000000b7080000000000007b8af8ff00000000b7080000380000007b8af0ff00040000bfa100000000000007010000f8ffffffbff8735d859a25a504e502ca1d6aa400000002000008000000182300", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000018110000", @ANYBLOB="0000000000000000b70200000000000085000000860000000500feff0000000085200000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000018"], &(0x7f0000000440)='GPL\x00', 0x401, 0x93, &(0x7f0000000480)=""/147, 0x41000, 0x0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7, &(0x7f0000000780), &(0x7f0000000980)=[{0x1, 0x1}, {0x1, 0x0, 0xf, 0x1}, {0x5, 0x2, 0x6}, {0x0, 0x0, 0x0, 0x7}, {0x0, 0x3}, {0x0, 0x1}, {0x0, 0x3, 0x0, 0x8}], 0x10, 0x7}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r4}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r4}, 0x38) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) 2.919270554s ago: executing program 2: ptrace(0x10, 0x1) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) ptrace$poke(0x4209, r1, &(0x7f0000000000), 0x0) 1.980348527s ago: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) sendmmsg$inet(r0, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)="15b26f226e2966667482d50703b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5dffd691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6be", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3, 0x0, 0x0, 0xfffffdef}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="c9", 0x1}], 0x300}}], 0x3, 0x240080e4) 1.974767048s ago: executing program 0: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000080), 0xfd32) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0xf) ioctl$TCFLSH(r3, 0x400455c8, 0x0) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) 1.430403817s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400fdff00000000dd0a00000000000073019d00000000009500010000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x68000000}, 0x48) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000180)=ANY=[@ANYBLOB='-7'], 0x9) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000005c0)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x20000216}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0) recvmsg$unix(r3, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x2}, 0x40000100) 489.62374ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000200)) ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f0000000100)=0x2000004) pwritev(r2, &(0x7f0000000080)=[{&(0x7f00000002c0)='\x00!', 0x2}], 0x1, 0x0, 0x0) 433.232559ms ago: executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000080007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e0306003c5c9801288463"], 0xffdd) 389.913706ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 382.092258ms ago: executing program 3: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'erspan0\x00', &(0x7f00000001c0)={'gretap0\x00', 0x0, 0x0, 0x80, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f55802"]) 361.328871ms ago: executing program 3: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x2c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000240)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000680)={0xc, 0x0, &(0x7f0000000640)=[@enter_looper, @release], 0x50, 0x0, &(0x7f0000000780)="cbf0cb20191ec155fb04504422f67c13d06eeafce3baecf9ac1f2b172ca71f76774a7c4502424572594cdfe91d7db487bbb7fc688bf21a598e608849d6b520362e903c9dd20f791d720cfd1d912e6cd0"}) 353.328632ms ago: executing program 1: bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r1 = openat$incfs(r0, &(0x7f0000000180)='.pending_reads\x00', 0x0, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f0000000480)={{}, {}, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)='\x00', 0x0, 0x0, 0x0, 0x0}) r2 = socket$inet6(0xa, 0x1, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @dev}, 0x1c) syz_emit_ethernet(0x2e, &(0x7f0000000200)=ANY=[@ANYRES64, @ANYRES64, @ANYBLOB="028dfcde98", @ANYRES32, @ANYRESDEC, @ANYBLOB="6727bc4d4e6a58a13366e9feb8480f5592e6249b629827b84cb3940bed941103875447f222c9ebb37368eac223728e377a7f1002ca820c3cb309f5e80d676e4ce7b606fb6daba90bea6e7a09eb09f312c51e936ca9585ee9e3dd212574223966246b0327b3270b442ce034de2227bbf2cb2bd7f848d8c9027b707255bd676a6e164ce852de5c2cb15697470dc71ff31bbc5d867a2d771abdc508ffd75b8e98987bee8d2d829484a8c0de9607b497b5057d72179986dcb49cd6aabc1fc48f21b0e022308475058841bf279aba21af708918b5841883e7ae61cb951724ce"], 0x0) r4 = dup2(r2, r2) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000100)) r8 = openat$cgroup_ro(r1, &(0x7f00000003c0)='cpuset.effective_mems\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000100), 0x1000a) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r8, 0x0) r9 = socket$inet6(0xa, 0x3, 0x7) getsockopt$inet6_buf(r9, 0x29, 0x3d, 0x0, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r7, 0x40046207, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r4, r6, 0x25, 0x14, @val=@perf_event={0x80000000}}, 0x40) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'veth0_vlan\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r4, 0x890c, &(0x7f0000000100)={@remote, @private1, @empty, 0x0, 0x40, 0x0, 0x100, 0x0, 0x20d008c, r10}) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000000, 0x10, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_open_procfs(0xffffffffffffffff, 0x0) fchdir(0xffffffffffffffff) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) 347.027233ms ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x6c, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x27b8, 0x1ed, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r3, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x24, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0xe4}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000b00)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x0, "efb9ce47"}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 318.638188ms ago: executing program 1: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = dup(r2) fgetxattr(r3, &(0x7f0000000180)=@known='system.sockprotoname\x00', 0x0, 0x0) 310.438979ms ago: executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000170000009520000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x99, &(0x7f0000000580)=""/153}, 0x80) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000005000000850000002a00000095"], &(0x7f00000000c0)='GPL\x00', 0x4, 0xad, &(0x7f00000001c0)=""/173}, 0x80) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth0_vlan\x00', 0x0}) sendto$packet(r3, &(0x7f0000000180)="0b031407e0ff640f020047540f68a13bb1000e00080008004803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14) lsetxattr$security_capability(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000300)=@v2={0x2000000, [{0xd46, 0xc82a}, {0x26b2, 0x2}]}, 0x14, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='neigh_update\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000d80)='neigh_update\x00', r0}, 0x10) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000040)={{0x2, 0x0, @multicast2}, {}, 0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'ip6gre0\x00'}) 172.053982ms ago: executing program 1: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 0s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x7, 0x4a9, &(0x7f0000000b40)="$eJzs3E9sFFUYAPBvtru0gEhFREHUIhobjS0UFA5eMJp40MSIBz02bSFIoYbWRAjRkhg8GhLvxqNXD17Vm/Fk4hUPHkwMCTFcAE9jZnem3e6flrbbLri/X7L0vZk3+963b97s23m7BNCzhrJ/koiHIuJ6ROysZZcWGKr9uXPr8sTdW5cnYj5NT/6TVMvdzvK54rjteWa4FFH6Iml4wprZi5fOjk9PT13I86Nz5z4enb146eUz58ZPT52eOj92/PjRI4ePvTr2yuqDalFfFtftfZ/N7N/71ofX3pkoF9sH8r/1cXTKUAy1akrV852urMt21KWTchcbwqpk53/WXZXq+N8ZfaHzoFekaZr2t989nza60rQFeGAl0e0WAN1RvNFnn3+LxyZNPe4LN0/UPgBlcd/JH7U95SjlZSoNn287aSgiPpj/95vsEcvdh/hzgxoAAPScn04UM8HG+V8p9tSVezhfQxmMiEciYldEPBoRuyPisYhq2ccj4onGCpKIdJn6dzfkm+c/pRvriW8l2fzvtXxta+n8r5j9xWBfntsRUUyYpw7lr8lwVPpPnZmeOrxMHT+/8ftX7fbVz/+yR1Z/MRfM23Gj3HCDbnJ8bnzNATe4eSViX7kx/qScdVyxEpBExN6I2LeK5x2sS5958bv9C5nK0nIrx1+VtlxH68BSRfptxAu1/p+PJf2/WGOy/Prk6EBMTx0azc6CQy3r+PW3q++2q3/F+H/4q/GQN4/9eHK9YS/I+n9b3fkfxfrtYvyDSUSysF47u/o6rv7xZfV5hw4271vr+b8leb+a3pJv+3R8bu7C4YgtydvN28cWjy3yRfks/uGDrcf/rvyY7JV4MiKyk/ipiHg6Ip7J234gIp6NiBahLfjl9ec+arfvHs//DZPFP9ny+rek/xfX69eQ6Dt74PrdNhePe+v/o9XUcL6l9fUvWXKJuNcGduAlBAAAgPteKarf/S+NLKRLpZGR2j2g3bGtND0zO/fSqZlPzk/WfiMwGJVScaerdj+4khT3Pwfr8mMN+SP5feOv+7ZW8yMTM9OT3Q4eetz26phPmsZ/5u++brcO2HB+8gO9a6Xxv+faJjUE2HTe/6F31Y3/+TZF5n1TBv6fvP9D72o1/j9fwzHAgyU1lqGnGf/Qu8rx3kK61NWWAJvN+z/0pPX8rn/lRNrfetdANBeOgY1pxtYWdXUlkc2sulL71rUcVfxvCm3LRGl1T9gfzbv6otMhVyJixcKn93T85E/z78p3uge/35Rx2irRlcsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAx/0XAAD//8p53a4=") kernel console output (not intermixed with test programs): z [ 122.426093][ T1646] usb 5-1: SerialNumber: syz [ 122.431904][ T1646] r8152-cfgselector 5-1: config 0 descriptor?? [ 122.538699][ T26] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 122.549602][ T26] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 122.559187][ T26] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 122.568100][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.604020][ T20] usb 1-1: USB disconnect, device number 14 [ 122.720649][ T1646] r8152-cfgselector 5-1: Unknown version 0x0000 [ 122.752509][ T1646] r8152-cfgselector 5-1: Unknown version 0x0000 [ 122.759179][ T1646] r8152-cfgselector 5-1: USB disconnect, device number 15 [ 122.848710][ T26] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 122.856364][ T26] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input23 [ 122.865421][ T26] input: failed to attach handler kbd to device input23, error: -5 [ 122.874494][ T26] usb 3-1: USB disconnect, device number 15 [ 123.213180][ T4471] devpts: called with bogus options [ 123.318136][ T4491] loop3: detected capacity change from 0 to 128 [ 123.383203][ T26] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 123.394545][ T4491] FAT-fs (loop3): Unrecognized mount option "ÿÿ" or missing value [ 123.552917][ T4491] loop3: detected capacity change from 0 to 512 [ 123.611293][ T4491] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 123.623472][ T4491] ext4 filesystem being mounted at /root/syzkaller-testdir1581456971/syzkaller.fPd9tM/146/file0 supports timestamps until 2038 (0x7fffffff) [ 123.650564][ T26] usb 2-1: Using ep0 maxpacket: 8 [ 123.674013][ T4491] EXT4-fs error (device loop3): ext4_do_update_inode:5191: inode #2: comm syz-executor.3: corrupted inode contents [ 123.686188][ T4491] EXT4-fs error (device loop3): ext4_dirty_inode:6024: inode #2: comm syz-executor.3: mark_inode_dirty error [ 123.698086][ T4491] EXT4-fs error (device loop3): ext4_do_update_inode:5191: inode #2: comm syz-executor.3: corrupted inode contents [ 123.710250][ T4491] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #2: comm syz-executor.3: mark_inode_dirty error [ 123.731302][ T4491] EXT4-fs error (device loop3): ext4_map_blocks:602: inode #2: block 22: comm syz-executor.3: lblock 0 mapped to illegal pblock 22 (length 1) [ 123.750600][ T45] EXT4-fs error (device loop3): __ext4_get_inode_loc:4340: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 123.763581][ T45] EXT4-fs error (device loop3): __ext4_get_inode_loc:4340: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 123.776451][ T45] EXT4-fs error (device loop3): __ext4_get_inode_loc:4340: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 123.778903][ T26] usb 2-1: config 135 has an invalid interface number: 230 but max is 0 [ 123.789257][ T45] EXT4-fs error (device loop3): __ext4_get_inode_loc:4340: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 123.797401][ T26] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 123.810960][ T8] EXT4-fs error (device loop3): ext4_map_blocks:602: inode #3: block 13: comm kworker/u4:0: lblock 0 mapped to illegal pblock 13 (length 1) [ 123.819993][ T26] usb 2-1: config 135 has no interface number 0 [ 123.834056][ T2103] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 123.840033][ T26] usb 2-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 123.847917][ T8] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 123.872944][ T30] audit: type=1400 audit(1718610387.254:981): avc: denied { execstack } for pid=4503 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 123.904225][ T4508] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 124.024730][ T26] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 124.035981][ T26] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.045056][ T26] usb 2-1: Product: syz [ 124.049615][ T26] usb 2-1: Manufacturer: syz [ 124.054291][ T26] usb 2-1: SerialNumber: syz [ 124.099681][ T2103] usb 3-1: Using ep0 maxpacket: 16 [ 124.333035][ T1646] usb 2-1: USB disconnect, device number 18 [ 124.365197][ T4532] devpts: called with bogus options [ 124.381100][ T30] audit: type=1400 audit(1718610387.740:982): avc: denied { connect } for pid=4533 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 124.403901][ T30] audit: type=1400 audit(1718610387.759:983): avc: denied { write } for pid=4533 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 124.420242][ T26] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 124.516525][ T2103] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=ed.ec [ 124.525568][ T2103] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.533305][ T2103] usb 3-1: Product: syz [ 124.537308][ T2103] usb 3-1: Manufacturer: syz [ 124.541748][ T2103] usb 3-1: SerialNumber: syz [ 124.546754][ T2103] r8152-cfgselector 3-1: config 0 descriptor?? [ 124.548176][ T4538] loop0: detected capacity change from 0 to 40427 [ 124.604953][ T4538] F2FS-fs (loop0): Found nat_bits in checkpoint [ 124.633562][ T4538] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 124.648759][ T4538] attempt to access beyond end of device [ 124.648759][ T4538] loop0: rw=2049, want=53376, limit=40427 [ 124.660623][ T4538] attempt to access beyond end of device [ 124.660623][ T4538] loop0: rw=0, want=53376, limit=40427 [ 124.674558][ T2689] attempt to access beyond end of device [ 124.674558][ T2689] loop0: rw=2049, want=45104, limit=40427 [ 124.751625][ T314] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 124.802354][ T4552] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 124.811489][ T26] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 124.823258][ T26] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 124.832975][ T26] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 124.841796][ T2103] r8152-cfgselector 3-1: Unknown version 0x0000 [ 124.841801][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.879949][ T2103] r8152-cfgselector 3-1: Unknown version 0x0000 [ 124.886751][ T2103] r8152-cfgselector 3-1: USB disconnect, device number 16 [ 124.893725][ T30] audit: type=1400 audit(1718610388.208:984): avc: denied { mount } for pid=4555 comm="syz-executor.1" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 124.916412][ T30] audit: type=1400 audit(1718610388.217:985): avc: denied { unmount } for pid=2574 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 124.951964][ T4562] 9pnet: p9_errstr2errno: server reported unknown error õ1 g;-‡~  [ 125.011621][ T4566] device pim6reg1 entered promiscuous mode [ 125.125822][ T26] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 125.133696][ T26] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input24 [ 125.142805][ T26] input: failed to attach handler kbd to device input24, error: -5 [ 125.151908][ T26] usb 4-1: USB disconnect, device number 14 [ 125.157889][ T314] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.168957][ T314] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 125.182532][ T314] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 125.193736][ T314] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.283983][ T314] usb 5-1: config 0 descriptor?? [ 125.564126][ T2103] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 125.793038][ T4592] loop3: detected capacity change from 0 to 256 [ 125.821211][ T4592] exfat: Deprecated parameter 'utf8' [ 125.828866][ T4592] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 125.840714][ T2103] usb 1-1: Using ep0 maxpacket: 8 [ 125.843009][ T314] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 125.853052][ T314] plantronics 0003:047F:FFFF.001A: No inputs registered, leaving [ 125.903143][ T314] plantronics 0003:047F:FFFF.001A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 126.002763][ T2103] usb 1-1: config 135 has an invalid interface number: 230 but max is 0 [ 126.010911][ T2103] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 126.021138][ T2103] usb 1-1: config 135 has no interface number 0 [ 126.027439][ T2103] usb 1-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 126.028839][ T4596] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 126.184436][ T314] usb 5-1: USB disconnect, device number 16 [ 126.226969][ T2103] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 126.235829][ T2103] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.258982][ T2103] usb 1-1: Product: syz [ 126.263079][ T2103] usb 1-1: Manufacturer: syz [ 126.267513][ T2103] usb 1-1: SerialNumber: syz [ 126.390756][ T4604] device pim6reg1 entered promiscuous mode [ 126.560997][ T1646] usb 1-1: USB disconnect, device number 15 [ 126.825667][ T2103] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 126.979300][ T4636] fuse: Invalid rootmode [ 126.985573][ T30] audit: type=1400 audit(1718610390.172:986): avc: denied { getopt } for pid=4629 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 127.134841][ T4639] loop2: detected capacity change from 0 to 2048 [ 127.279226][ T4639] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 127.336309][ T4647] loop0: detected capacity change from 0 to 256 [ 127.350025][ T4647] exfat: Deprecated parameter 'utf8' [ 127.357397][ T4647] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 127.499214][ T2103] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 127.510125][ T2103] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 127.521497][ T2103] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 127.530390][ T2103] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.539082][ T4649] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 127.884353][ T2103] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 127.893066][ T2103] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input25 [ 127.921037][ T2103] input: failed to attach handler kbd to device input25, error: -5 [ 127.933601][ T30] audit: type=1400 audit(1718610391.061:987): avc: denied { nlmsg_read } for pid=4666 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 127.935940][ T2103] usb 2-1: USB disconnect, device number 19 [ 128.061063][ T4672] loop4: detected capacity change from 0 to 1024 [ 128.173810][ T4674] loop3: detected capacity change from 0 to 1024 [ 128.212726][ T4665] loop2: detected capacity change from 0 to 40427 [ 128.233168][ T4672] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 128.271596][ T4665] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 128.289618][ T4665] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 128.324603][ T4674] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 128.346614][ T4665] F2FS-fs (loop2): Found nat_bits in checkpoint [ 128.387380][ T4665] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 128.394285][ T4665] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 128.438234][ T4690] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 128.455604][ T4690] kvm: pic: non byte read [ 128.460024][ T4690] kvm: pic: level sensitive irq not supported [ 128.460104][ T4690] kvm: pic: non byte read [ 128.470382][ T4690] kvm: pic: level sensitive irq not supported [ 128.470432][ T4690] kvm: pic: non byte read [ 128.480864][ T4693] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 128.488378][ T4690] kvm: pic: level sensitive irq not supported [ 128.488596][ T4690] kvm: pic: non byte read [ 128.514440][ T30] audit: type=1400 audit(1718610391.594:988): avc: denied { connect } for pid=4695 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 128.542583][ T4696] x_tables: duplicate entry at hook 2 [ 128.545606][ T30] audit: type=1400 audit(1718610391.622:989): avc: denied { write } for pid=4695 comm="syz-executor.0" laddr=fe80::a lport=1 faddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 128.571643][ T30] audit: type=1400 audit(1718610391.641:990): avc: denied { create } for pid=4699 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=tcp_socket permissive=1 [ 128.895768][ T4710] loop1: detected capacity change from 0 to 1024 [ 128.952829][ T4717] device syzkaller0 entered promiscuous mode [ 128.963039][ T4710] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 128.987736][ T4721] loop2: detected capacity change from 0 to 256 [ 129.020318][ T4721] exfat: Deprecated parameter 'utf8' [ 129.027976][ T4721] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 129.030137][ T4724] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 129.079925][ T4730] x_tables: duplicate entry at hook 2 [ 129.118643][ T4738] fuse: Invalid rootmode [ 129.241697][ T1646] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 129.779029][ T4748] loop3: detected capacity change from 0 to 2048 [ 129.790274][ T4751] loop0: detected capacity change from 0 to 1024 [ 129.881000][ T4751] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 129.939187][ T4752] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 129.961227][ T4748] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 130.163531][ T4757] device syzkaller0 entered promiscuous mode [ 130.307709][ T4762] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 130.372382][ T4768] x_tables: duplicate entry at hook 2 [ 130.385719][ T1646] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 130.401918][ T30] audit: type=1400 audit(1718610393.371:991): avc: denied { mounton } for pid=4769 comm="syz-executor.3" path="/root/syzkaller-testdir1581456971/syzkaller.fPd9tM/174/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 130.406842][ T1646] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 130.454933][ T1646] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 130.469559][ T30] audit: type=1400 audit(1718610393.427:992): avc: denied { map } for pid=4773 comm="syz-executor.0" path="socket:[36138]" dev="sockfs" ino=36138 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 130.473924][ T1646] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.545615][ T4782] fuse: Invalid rootmode [ 130.547423][ T30] audit: type=1400 audit(1718610393.511:993): avc: denied { ioctl } for pid=4779 comm="syz-executor.0" path="/dev/usbmon0" dev="devtmpfs" ino=135 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 130.625016][ T4747] loop1: detected capacity change from 0 to 131072 [ 130.642975][ T4789] x_tables: duplicate entry at hook 2 [ 130.657358][ T4791] loop0: detected capacity change from 0 to 256 [ 130.672060][ T4747] F2FS-fs (loop1): invalid crc value [ 130.682048][ T30] audit: type=1400 audit(1718610393.633:994): avc: denied { mounton } for pid=4793 comm="syz-executor.3" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 130.758936][ T4795] loop2: detected capacity change from 0 to 2048 [ 130.767385][ T4791] exfat: Deprecated parameter 'utf8' [ 130.794390][ T4791] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 130.842838][ T4747] F2FS-fs (loop1): Found nat_bits in checkpoint [ 130.913670][ T1646] aiptek 5-1:17.0: Aiptek using 400 ms programming speed [ 130.925100][ T4795] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 130.937525][ T1646] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input26 [ 130.949822][ T1646] input: failed to attach handler kbd to device input26, error: -5 [ 130.967928][ T1646] usb 5-1: USB disconnect, device number 17 [ 130.979347][ T4747] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 130.995430][ T4793] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.002520][ T4793] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.010933][ T4793] device bridge_slave_0 entered promiscuous mode [ 131.017901][ T4793] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.024739][ T4793] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.032147][ T4793] device bridge_slave_1 entered promiscuous mode [ 131.093441][ T4793] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.100300][ T4793] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.107534][ T4793] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.114444][ T4793] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.138675][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 131.146434][ T613] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.153561][ T613] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.167718][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.176029][ T300] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.182872][ T300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.191888][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.221254][ T300] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.228178][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.296319][ T4805] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 131.333933][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 131.366181][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 131.382892][ T4793] device veth0_vlan entered promiscuous mode [ 131.390623][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 131.398735][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 131.406880][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 131.414547][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 131.426317][ T4793] device veth1_macvtap entered promiscuous mode [ 131.434134][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 131.441365][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 131.448791][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 131.457012][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 131.473780][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 131.502341][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 131.511155][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 131.529832][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 131.537913][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 131.583270][ T4825] device pim6reg1 entered promiscuous mode [ 131.892672][ T4837] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 131.956851][ T30] audit: type=1400 audit(1718610394.821:995): avc: denied { getattr } for pid=4844 comm="syz-executor.2" name="/" dev="incremental-fs" ino=1938 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 131.981599][ T4846] overlayfs: failed to create directory ./file0/work (errno: 22); mounting read-only [ 132.056974][ T4857] device pim6reg1 entered promiscuous mode [ 132.138829][ T26] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 132.149565][ T612] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 132.257090][ T4865] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 132.486045][ T4891] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 132.513418][ T4895] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4895 comm=syz-executor.4 [ 132.526088][ T26] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 132.526900][ T4895] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 132.536113][ T612] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 132.536146][ T612] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 132.536174][ T612] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 132.536195][ T612] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.557626][ T26] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 132.594149][ T26] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 132.694785][ T26] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 132.703651][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 132.711450][ T26] usb 1-1: SerialNumber: syz [ 132.758092][ T4909] overlayfs: failed to create directory ./file0/work (errno: 22); mounting read-only [ 132.908611][ T612] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 132.916098][ T612] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input27 [ 132.940683][ T612] input: failed to attach handler kbd to device input27, error: -5 [ 132.949637][ T612] usb 2-1: USB disconnect, device number 20 [ 133.051864][ T4919] loop4: detected capacity change from 0 to 1024 [ 133.065283][ T26] usb 1-1: 0:2 : does not exist [ 133.086181][ T26] usb 1-1: unit 5 not found! [ 133.127067][ T26] usb 1-1: USB disconnect, device number 16 [ 133.156501][ T4919] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 133.256893][ T4923] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 133.412307][ T4911] loop3: detected capacity change from 0 to 131072 [ 133.413435][ T4925] loop2: detected capacity change from 0 to 40427 [ 133.465276][ T4925] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 133.466327][ T4911] F2FS-fs (loop3): invalid crc value [ 133.472793][ T4925] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 133.479806][ T4911] F2FS-fs (loop3): Found nat_bits in checkpoint [ 133.487349][ T4925] F2FS-fs (loop2): invalid crc value [ 133.498429][ T4925] F2FS-fs (loop2): Found nat_bits in checkpoint [ 133.529281][ T4911] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 133.558040][ T4936] device pim6reg1 entered promiscuous mode [ 133.570274][ T4925] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 133.577298][ T4925] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 133.586583][ T4941] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 135.047777][ T3262] attempt to access beyond end of device [ 135.047777][ T3262] loop2: rw=2049, want=45104, limit=40427 [ 135.119607][ T4956] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 135.168150][ T4956] kvm: pic: non byte read [ 135.172969][ T4956] kvm: pic: level sensitive irq not supported [ 135.173052][ T4956] kvm: pic: non byte read [ 135.187740][ T4956] kvm: pic: level sensitive irq not supported [ 135.188052][ T4956] kvm: pic: non byte read [ 135.225339][ T4956] kvm: pic: level sensitive irq not supported [ 135.225391][ T4956] kvm: pic: non byte read [ 135.285053][ T4973] 9pnet: Insufficient options for proto=fd [ 135.306431][ T4978] device pim6reg1 entered promiscuous mode [ 135.399505][ T20] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 135.922994][ T4991] loop2: detected capacity change from 0 to 40427 [ 135.977565][ T4991] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 135.985255][ T4991] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 135.994369][ T4991] F2FS-fs (loop2): invalid crc value [ 136.005307][ T4991] F2FS-fs (loop2): Found nat_bits in checkpoint [ 136.074554][ T4991] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 136.077736][ T4997] loop4: detected capacity change from 0 to 512 [ 136.087806][ T4991] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 136.126496][ T20] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 136.142869][ T20] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 136.154488][ T4971] loop3: detected capacity change from 0 to 131072 [ 136.161022][ T20] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 136.170008][ T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.170645][ T4997] EXT4-fs (loop4): 1 orphan inode deleted [ 136.183607][ T4997] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 136.204319][ T4997] ext4 filesystem being mounted at /root/syzkaller-testdir1626515355/syzkaller.o5JDxt/138/file1 supports timestamps until 2038 (0x7fffffff) [ 136.220139][ T4971] F2FS-fs (loop3): invalid crc value [ 136.226930][ T4971] F2FS-fs (loop3): Found nat_bits in checkpoint [ 136.238500][ T4997] EXT4-fs error (device loop4): ext4_ext_remove_space:2840: inode #16: comm syz-executor.4: path[1].p_hdr == NULL [ 136.261315][ T4997] EXT4-fs (loop4): Remounting filesystem read-only [ 136.266590][ T4971] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 136.268035][ T4997] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 136.431496][ T5007] loop0: detected capacity change from 0 to 256 [ 136.438190][ T4997] EXT4-fs error (device loop4): ext4_punch_hole:4132: inode #16: comm syz-executor.4: mark_inode_dirty error [ 136.518496][ T4996] EXT4-fs error (device loop4): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.4: bad extent address lblock: 0, depth: 1 pblock 0 [ 136.538181][ T20] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 136.545805][ T20] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input29 [ 136.554832][ T20] input: failed to attach handler kbd to device input29, error: -5 [ 136.559052][ T5007] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 136.563734][ T20] usb 2-1: USB disconnect, device number 21 [ 136.583073][ T4996] EXT4-fs error (device loop4): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.4: bad extent address lblock: 0, depth: 1 pblock 0 [ 136.598577][ T4996] EXT4-fs error (device loop4): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.4: bad extent address lblock: 0, depth: 1 pblock 0 [ 136.612740][ T4996] EXT4-fs error (device loop4): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.4: bad extent address lblock: 0, depth: 1 pblock 0 [ 136.626859][ T4996] EXT4-fs error (device loop4): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.4: bad extent address lblock: 0, depth: 1 pblock 0 [ 136.645481][ T4996] EXT4-fs error (device loop4): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.4: bad extent address lblock: 0, depth: 1 pblock 0 [ 136.660094][ T3262] attempt to access beyond end of device [ 136.660094][ T3262] loop2: rw=2049, want=45104, limit=40427 [ 136.664462][ T4996] EXT4-fs error (device loop4): ext4_ext_map_blocks:4160: inode #16: comm syz-executor.4: bad extent address lblock: 0, depth: 1 pblock 0 [ 136.749281][ T5009] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 136.759393][ T5009] kvm: pic: non byte read [ 136.763637][ T5009] kvm: pic: level sensitive irq not supported [ 136.763670][ T5009] kvm: pic: non byte read [ 136.773895][ T5009] kvm: pic: level sensitive irq not supported [ 136.773929][ T5009] kvm: pic: non byte read [ 136.787613][ T5009] kvm: pic: level sensitive irq not supported [ 136.787686][ T5009] kvm: pic: non byte read [ 137.018987][ T5020] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.025922][ T5020] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.033127][ T5020] device bridge_slave_0 entered promiscuous mode [ 137.039923][ T5020] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.044843][ T5018] loop0: detected capacity change from 0 to 40427 [ 137.046848][ T5020] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.060542][ T5020] device bridge_slave_1 entered promiscuous mode [ 137.079501][ T5018] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 137.087165][ T5018] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 137.108494][ T5018] F2FS-fs (loop0): Found nat_bits in checkpoint [ 137.114354][ T5033] loop1: detected capacity change from 0 to 1024 [ 137.132406][ T5033] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 137.144482][ T5033] EXT4-fs (loop1): invalid journal inode [ 137.164070][ T5018] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 137.166527][ T5020] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.170978][ T5018] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 137.177792][ T5020] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.177893][ T5020] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.198969][ T5020] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.228713][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.236320][ T613] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.244024][ T613] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.265911][ T1646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 137.277956][ T30] audit: type=1400 audit(1718610399.797:996): avc: denied { module_load } for pid=5032 comm="syz-executor.1" path="/root/syzkaller-testdir1913144439/syzkaller.7yggjC/170/bus" dev="sda1" ino=1963 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=system permissive=1 [ 137.290177][ T1646] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.305491][ T5033] Invalid ELF header type: 0 != 1 [ 137.312068][ T1646] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.324115][ T20] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 137.331674][ T1646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 137.340323][ T1646] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.347175][ T1646] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.365532][ T1646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 137.373511][ T1646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 137.982471][ T5020] device veth0_vlan entered promiscuous mode [ 137.989513][ T8] device bridge_slave_1 left promiscuous mode [ 137.995642][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.003336][ T8] device bridge_slave_0 left promiscuous mode [ 138.009397][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.017609][ T8] device veth1_macvtap left promiscuous mode [ 138.032312][ T8] device veth0_vlan left promiscuous mode [ 138.161013][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 138.169364][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 138.177969][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 138.186539][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 138.202141][ T612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 138.210128][ T612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 138.219951][ T5020] device veth1_macvtap entered promiscuous mode [ 138.273033][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.282757][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 138.293098][ T20] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 138.297420][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 138.302217][ T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.318618][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 138.318683][ T20] usb 4-1: config 0 descriptor?? [ 138.339057][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 138.350163][ T613] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 138.358114][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 138.372478][ T5051] netem: change failed [ 138.387689][ T30] audit: type=1400 audit(1718610400.836:997): avc: denied { getopt } for pid=5056 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 138.611327][ T5059] loop1: detected capacity change from 0 to 40427 [ 138.664201][ T5059] F2FS-fs (loop1): Found nat_bits in checkpoint [ 138.713835][ T5059] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 138.724229][ T6] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 138.747323][ T2574] attempt to access beyond end of device [ 138.747323][ T2574] loop1: rw=524288, want=45072, limit=40427 [ 138.759157][ T2574] attempt to access beyond end of device [ 138.759157][ T2574] loop1: rw=0, want=45072, limit=40427 [ 138.777848][ T613] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.785390][ T8] attempt to access beyond end of device [ 138.785390][ T8] loop1: rw=2049, want=41088, limit=40427 [ 138.788720][ T613] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.809647][ T613] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 138.819734][ T613] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.832337][ T613] usb 3-1: config 0 descriptor?? [ 138.842314][ T20] keytouch 0003:0926:3333.001B: fixing up Keytouch IEC report descriptor [ 138.851420][ T20] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.001B/input/input31 [ 138.939987][ T20] keytouch 0003:0926:3333.001B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 139.073518][ T5022] UDC core: couldn't find an available UDC or it's busy: -16 [ 139.082687][ T5022] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 139.108815][ T5069] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.115689][ T5069] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.122961][ T5069] device bridge_slave_0 entered promiscuous mode [ 139.129696][ T5069] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.137389][ T5069] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.144669][ T5069] device bridge_slave_1 entered promiscuous mode [ 139.151682][ T30] audit: type=1400 audit(1718610401.546:998): avc: denied { relabelfrom } for pid=5075 comm="syz-executor.0" name="" dev="pipefs" ino=36851 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 139.151996][ T6] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 139.184275][ T6] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 139.192922][ T6] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 139.268544][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.275953][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.284821][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 139.293458][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 139.301409][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.308285][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.315955][ T613] hid (null): bogus close delimiter [ 139.321099][ T6] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 139.331102][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 139.340070][ T6] usb 5-1: SerialNumber: syz [ 139.348890][ T5085] netem: change failed [ 139.355062][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 139.362934][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 139.371110][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 139.379304][ T3814] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.386133][ T3814] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.394063][ T8] device bridge_slave_1 left promiscuous mode [ 139.400316][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.406319][ T5089] loop0: detected capacity change from 0 to 1024 [ 139.413589][ T8] device bridge_slave_0 left promiscuous mode [ 139.419534][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.427045][ T8] device veth1_macvtap left promiscuous mode [ 139.432897][ T8] device veth0_vlan left promiscuous mode [ 139.441486][ T5089] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 139.452001][ T5089] EXT4-fs (loop0): invalid journal inode [ 139.487891][ T5089] Invalid ELF header type: 0 != 1 [ 139.514300][ T5092] loop0: detected capacity change from 0 to 256 [ 139.531903][ T3814] usb 4-1: USB disconnect, device number 15 [ 139.538138][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 139.546148][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 139.554015][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 139.558624][ T5092] exfat: Bad value for 'uid' [ 139.562011][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 139.579860][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 139.588061][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 139.601843][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 139.609776][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 139.617521][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 139.625735][ T5069] device veth0_vlan entered promiscuous mode [ 139.638309][ T612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 139.647641][ T5069] device veth1_macvtap entered promiscuous mode [ 139.654783][ T613] usb 3-1: string descriptor 0 read error: -71 [ 139.657829][ T612] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 139.668904][ T612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 139.678192][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 139.686211][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 139.694214][ T613] uclogic 0003:256C:006D.001C: failed retrieving string descriptor #200: -71 [ 139.703355][ T6] usb 5-1: 0:2 : does not exist [ 139.708346][ T6] usb 5-1: unit 5 not found! [ 139.713223][ T613] uclogic 0003:256C:006D.001C: failed retrieving pen parameters: -71 [ 139.722065][ T6] usb 5-1: USB disconnect, device number 18 [ 139.727794][ T613] uclogic 0003:256C:006D.001C: failed probing pen v2 parameters: -71 [ 139.735942][ T613] uclogic 0003:256C:006D.001C: failed probing parameters: -71 [ 139.744016][ T613] uclogic: probe of 0003:256C:006D.001C failed with error -71 [ 139.752974][ T613] usb 3-1: USB disconnect, device number 17 [ 139.928154][ T5107] loop0: detected capacity change from 0 to 40427 [ 139.976320][ T5107] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 139.985119][ T5107] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 139.996794][ T5107] F2FS-fs (loop0): Found nat_bits in checkpoint [ 140.036280][ T5107] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 140.043221][ T5107] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 140.150692][ T30] audit: type=1400 audit(1718610402.491:999): avc: denied { ioctl } for pid=5118 comm="syz-executor.2" path="/root/syzkaller-testdir3576811532/syzkaller.UQcaHn/137/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x940f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 140.358342][ T5122] loop2: detected capacity change from 0 to 512 [ 140.458289][ T5122] EXT4-fs (loop2): 1 orphan inode deleted [ 140.463901][ T5122] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 140.484581][ T5122] ext4 filesystem being mounted at /root/syzkaller-testdir3576811532/syzkaller.UQcaHn/138/file1 supports timestamps until 2038 (0x7fffffff) [ 140.843356][ T5122] EXT4-fs error (device loop2): ext4_ext_remove_space:2840: inode #18: comm syz-executor.2: path[1].p_hdr == NULL [ 140.857645][ T5122] EXT4-fs (loop2): Remounting filesystem read-only [ 140.885342][ T5122] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 140.900915][ T5122] EXT4-fs error (device loop2): ext4_punch_hole:4132: inode #18: comm syz-executor.2: mark_inode_dirty error [ 140.921047][ T5121] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #18: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0 [ 140.949788][ T5121] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #18: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0 [ 140.964672][ T5121] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #18: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0 [ 140.984442][ T5141] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 140.994393][ T5121] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #18: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0 [ 141.008593][ T5121] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #18: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0 [ 141.028292][ T5121] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #18: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0 [ 141.044360][ T5121] EXT4-fs error (device loop2): ext4_ext_map_blocks:4160: inode #18: comm syz-executor.2: bad extent address lblock: 0, depth: 1 pblock 0 [ 141.240153][ T5156] loop0: detected capacity change from 0 to 40427 [ 141.280140][ T5156] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 141.287789][ T5156] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 141.300603][ T5169] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.308070][ T5169] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.328890][ T5156] F2FS-fs (loop0): Found nat_bits in checkpoint [ 141.329624][ T5169] device bridge_slave_0 entered promiscuous mode [ 141.342012][ T5169] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.349037][ T5169] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.357494][ T5169] device bridge_slave_1 entered promiscuous mode [ 141.366477][ T6] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 141.394755][ T5156] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 141.407762][ T5156] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 141.425728][ T5190] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5190 comm=syz-executor.3 [ 141.480072][ T5169] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.487066][ T5169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.494159][ T5169] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.501006][ T5169] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.530900][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.538245][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.560236][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 141.567497][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 141.574884][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 141.809887][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.818259][ T3814] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.825131][ T3814] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.832708][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 141.841362][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.849382][ T3814] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.856214][ T3814] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.874319][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 141.882414][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 141.890230][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 141.898098][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 141.912302][ T5169] device veth0_vlan entered promiscuous mode [ 141.919475][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 141.927839][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 141.936188][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 141.944006][ T3814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 141.959963][ T5169] device veth1_macvtap entered promiscuous mode [ 141.968671][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 141.976407][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 141.983703][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 141.991661][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.002627][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 142.010357][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.021468][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 142.028900][ T6] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 142.056657][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.065171][ T6] usb 5-1: config 0 descriptor?? [ 142.074538][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 142.082925][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 142.092761][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 142.102003][ T613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 142.145731][ T5210] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 142.188896][ T380] device bridge_slave_1 left promiscuous mode [ 142.194889][ T380] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.202329][ T380] device bridge_slave_0 left promiscuous mode [ 142.208333][ T380] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.216032][ T380] device veth1_macvtap left promiscuous mode [ 142.221897][ T380] device veth0_vlan left promiscuous mode [ 142.337756][ T26] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 142.573234][ T6] hid (null): bogus close delimiter [ 142.594251][ T26] usb 2-1: Using ep0 maxpacket: 8 [ 142.723031][ T26] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 142.736459][ T26] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.754017][ T26] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 142.769306][ T26] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 142.782831][ T26] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 142.872248][ T26] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 142.888739][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 142.897077][ T5240] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 142.915911][ T26] usb 2-1: SerialNumber: syz [ 142.927246][ T5246] bridge0: port 3(syz_tun) entered blocking state [ 142.933648][ T5246] bridge0: port 3(syz_tun) entered disabled state [ 142.940315][ T5246] device syz_tun entered promiscuous mode [ 142.945985][ T5246] bridge0: port 3(syz_tun) entered blocking state [ 142.952223][ T5246] bridge0: port 3(syz_tun) entered forwarding state [ 142.952234][ T6] usb 5-1: string descriptor 0 read error: -71 [ 142.959203][ T26] cdc_ether: probe of 2-1:1.0 failed with error -22 [ 142.970814][ T5246] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 142.971961][ T26] usb-storage 2-1:1.0: USB Mass Storage device detected [ 142.983841][ T6] uclogic 0003:256C:006D.001D: failed retrieving string descriptor #200: -71 [ 142.997638][ T6] uclogic 0003:256C:006D.001D: failed retrieving pen parameters: -71 [ 142.997847][ T30] audit: type=1326 audit(1718610405.148:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5249 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f605fdbbea9 code=0x7ffc0000 [ 143.005561][ T6] uclogic 0003:256C:006D.001D: failed probing pen v2 parameters: -71 [ 143.054300][ T30] audit: type=1326 audit(1718610405.185:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5249 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f605fdbbea9 code=0x7ffc0000 [ 143.057306][ T6] uclogic 0003:256C:006D.001D: failed probing parameters: -71 [ 143.081462][ T5255] loop2: detected capacity change from 0 to 256 [ 143.085427][ T6] uclogic: probe of 0003:256C:006D.001D failed with error -71 [ 143.091654][ T30] audit: type=1326 audit(1718610405.185:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5249 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f605fdbbea9 code=0x7ffc0000 [ 143.099868][ T6] usb 5-1: USB disconnect, device number 19 [ 143.122727][ T26] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 143.130290][ T30] audit: type=1326 audit(1718610405.185:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5249 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f605fdbbea9 code=0x7ffc0000 [ 143.159741][ T30] audit: type=1326 audit(1718610405.185:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5249 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f605fdbbea9 code=0x7ffc0000 [ 143.159820][ T30] audit: type=1326 audit(1718610405.185:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5249 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f605fdbbea9 code=0x7ffc0000 [ 143.159898][ T30] audit: type=1326 audit(1718610405.185:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5249 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f605fdbbea9 code=0x7ffc0000 [ 143.159971][ T30] audit: type=1326 audit(1718610405.195:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5249 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f605fdbbea9 code=0x7ffc0000 [ 143.160036][ T30] audit: type=1326 audit(1718610405.195:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5249 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f605fdbbea9 code=0x7ffc0000 [ 143.160092][ T30] audit: type=1326 audit(1718610405.195:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5249 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f605fdbbea9 code=0x7ffc0000 [ 143.191316][ T5255] exfat: Deprecated parameter 'utf8' [ 143.192114][ T5255] exfat: Deprecated parameter 'utf8' [ 143.209174][ T5255] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 143.413028][ T26] usb 2-1: USB disconnect, device number 22 [ 143.573995][ T5264] device pim6reg1 entered promiscuous mode [ 143.727889][ T5270] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 143.787525][ T5281] bridge0: port 3(syz_tun) entered blocking state [ 143.797651][ T5281] bridge0: port 3(syz_tun) entered disabled state [ 143.804840][ T5281] device syz_tun entered promiscuous mode [ 143.812675][ T5286] syz-executor.0[5286] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 143.812737][ T5286] syz-executor.0[5286] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 143.842472][ T5288] loop0: detected capacity change from 0 to 2048 [ 143.862566][ T5281] bridge0: port 3(syz_tun) entered blocking state [ 143.868823][ T5281] bridge0: port 3(syz_tun) entered forwarding state [ 143.876713][ T5281] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 143.902463][ T5291] loop1: detected capacity change from 0 to 1024 [ 143.921919][ T5291] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 143.932724][ T5291] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,data_err=abort,nogrpid,nogrpid,nomblk_io_submit,,errors=continue. Quota mode: none. [ 144.226716][ T5296] loop3: detected capacity change from 0 to 512 [ 144.263158][ T5296] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 144.270481][ T5302] loop1: detected capacity change from 0 to 256 [ 144.278908][ T5296] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #15: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 144.297152][ T5296] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 144.309568][ T5296] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 144.319985][ T5296] ext2 filesystem being mounted at /root/syzkaller-testdir1347495543/syzkaller.JUL61d/41/file0 supports timestamps until 2038 (0x7fffffff) [ 144.339846][ T5296] overlayfs: upper fs needs to support d_type. [ 144.349410][ T5296] overlayfs: upper fs needs to support d_type. [ 144.507871][ T6] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 144.518633][ T1646] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 144.732425][ T3814] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 144.807248][ T1646] usb 3-1: Using ep0 maxpacket: 8 [ 144.924874][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.935701][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.945519][ T6] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 145.220789][ T5351] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5351 comm=syz-executor.4 [ 145.233885][ T5351] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5351 comm=syz-executor.4 [ 145.246313][ T1646] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 145.259306][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.267267][ T1646] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.278308][ T1646] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 145.288504][ T6] usb 1-1: config 0 descriptor?? [ 145.288612][ T1646] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 145.302863][ T1646] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 145.385079][ T1646] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 145.393927][ T1646] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 145.401738][ T1646] usb 3-1: SerialNumber: syz [ 145.427370][ T3814] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.438288][ T3814] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.647554][ T1646] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 145.654102][ T3814] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 145.663130][ T1646] usb-storage 3-1:1.0: USB Mass Storage device detected [ 145.670144][ T3814] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.678468][ T1646] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 145.686560][ T3814] usb 2-1: config 0 descriptor?? [ 145.727872][ T1646] usb 3-1: USB disconnect, device number 18 [ 145.780547][ T5363] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5363 comm=syz-executor.3 [ 145.793446][ T6] hid (null): bogus close delimiter [ 146.175645][ T6] usb 1-1: string descriptor 0 read error: -71 [ 146.197968][ T3814] lg-g15 0003:046D:C222.001F: item fetching failed at offset 10/11 [ 146.205737][ T6] uclogic 0003:256C:006D.001E: failed retrieving string descriptor #200: -71 [ 146.214404][ T3814] lg-g15: probe of 0003:046D:C222.001F failed with error -22 [ 146.233944][ T6] uclogic 0003:256C:006D.001E: failed retrieving pen parameters: -71 [ 146.242612][ T6] uclogic 0003:256C:006D.001E: failed probing pen v2 parameters: -71 [ 146.250535][ T6] uclogic 0003:256C:006D.001E: failed probing parameters: -71 [ 146.257807][ T6] uclogic: probe of 0003:256C:006D.001E failed with error -71 [ 146.265916][ T6] usb 1-1: USB disconnect, device number 17 [ 146.284540][ T5369] syz-executor.2[5369] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.284603][ T5369] syz-executor.2[5369] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.298423][ T5369] syz-executor.2[5369] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.307626][ T5373] bridge0: port 3(syz_tun) entered blocking state [ 146.310413][ T5369] syz-executor.2[5369] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.322801][ T5373] bridge0: port 3(syz_tun) entered disabled state [ 146.349029][ T5373] device syz_tun entered promiscuous mode [ 146.354657][ T5373] bridge0: port 3(syz_tun) entered blocking state [ 146.360841][ T5373] bridge0: port 3(syz_tun) entered forwarding state [ 146.368201][ T5374] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 146.414207][ T26] usb 2-1: USB disconnect, device number 23 [ 146.427530][ T5380] loop2: detected capacity change from 0 to 2048 [ 146.431192][ T5382] loop4: detected capacity change from 0 to 256 [ 146.906090][ T5397] loop0: detected capacity change from 0 to 1024 [ 146.946242][ T5397] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 146.957766][ T5397] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,data_err=abort,nogrpid,nogrpid,nomblk_io_submit,,errors=continue. Quota mode: none. [ 147.235975][ T5406] syz-executor.0[5406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.236784][ T5406] syz-executor.0[5406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.249986][ T5406] syz-executor.0[5406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.261755][ T5406] syz-executor.0[5406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.288935][ T5412] loop0: detected capacity change from 0 to 256 [ 147.362126][ T5425] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5425 comm=syz-executor.0 [ 147.375299][ T5425] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5425 comm=syz-executor.0 [ 147.627036][ T5439] loop0: detected capacity change from 0 to 1024 [ 147.839411][ T5439] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 147.872990][ T5447] loop3: detected capacity change from 0 to 256 [ 147.879468][ T5423] loop1: detected capacity change from 0 to 40427 [ 147.888708][ T5449] loop2: detected capacity change from 0 to 512 [ 147.897780][ T5423] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 147.905325][ T5423] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 147.916513][ T5423] F2FS-fs (loop1): Found nat_bits in checkpoint [ 147.929599][ T5449] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 147.940477][ T5449] [EXT4 FS bs=4096, gc=1, bpg=71, ipg=32, mo=a842c09c, mo2=0000] [ 147.948103][ T5449] System zones: 0-2, 18-18, 34-34 [ 147.954499][ T5449] EXT4-fs (loop2): 1 orphan inode deleted [ 147.954975][ T5423] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 147.961615][ T5449] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,stripe=0x000000000000000a,nolazytime,noquota,jqfmt=vfsold,minixdf,init_itable=0x0000000000000002,grpid,debug,,errors=continue. Quota mode: writeback. [ 147.972963][ T5423] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 147.996417][ T5449] ext4 filesystem being mounted at /root/syzkaller-testdir162369201/syzkaller.NvRyT8/29/file1 supports timestamps until 2038 (0x7fffffff) [ 147.998864][ T5423] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 148.049699][ T5069] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 148.049737][ T5069] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 148.057263][ T5069] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 148.064629][ T5069] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 148.072375][ T5069] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 148.079759][ T5069] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 148.087377][ T5069] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 148.480097][ T6] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 148.516761][ T5463] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 148.572872][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 148.572886][ T30] audit: type=1400 audit(1718610410.367:1034): avc: denied { map } for pid=5473 comm="syz-executor.1" path="socket:[38966]" dev="sockfs" ino=38966 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 148.880159][ T6] usb 4-1: Using ep0 maxpacket: 16 [ 149.150686][ T5491] loop4: detected capacity change from 0 to 40427 [ 149.180288][ T5491] F2FS-fs (loop4): Fix alignment : internally, start(4096) end(16896) block(12288) [ 149.190081][ T5491] F2FS-fs (loop4): invalid crc value [ 149.195530][ T5491] F2FS-fs (loop4): invalid crc value [ 149.200813][ T5491] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 149.316268][ T5496] loop2: detected capacity change from 0 to 1024 [ 149.389631][ T5496] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 149.482831][ T5491] input: syz0 as /devices/virtual/input/input32 [ 149.490982][ T5491] overlayfs: unrecognized mount option " [ 149.490982][ T5491] B: KEY=10000000000000 0 [ 149.490982][ T5491] [ 149.490982][ T5491] I: Bus=0019 Vendor=0000 Product=0003 Version=0000 [ 149.490982][ T5491] N: Name="Sleep Button" [ 149.490982][ T5491] P: Phys=LNXSLPBN/button/input0 [ 149.490982][ T5491] S: Sysfs=/devices/LNXSYSTM:00/LNXSLPBN:00/input/input1 [ 149.490982][ T5491] U: Uniq= [ 149.490982][ T5491] H: Handlers=kbd event1 [ 149.490982][ T5491] B: PROP=0 [ 149.490982][ T5491] B: EV=3 [ 149.490982][ T5491] B: KEY=4000 0 0 [ 149.490982][ T5491] [ 149.490982][ T5491] I: Bus=0011 Vendor=0001 Product=0001 Version=abba [ 149.490982][ T5491] N: Name="AT Translated Set 2 keyboard" [ 149.490982][ T5491] P: Phys=isa0060/serio0/input0 [ 149.490982][ T5491] S: Sysfs=/devices/platform/i8042/serio0/input/input2 [ 149.490982][ T5491] U: Uniq= [ 149.490982][ T5491] H: Handlers=kbd leds event2 [ 149.490982][ T5491] B: PROP=0 [ 149.490982][ T5491] B: EV=120013 [ 149.636200][ T5509] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 149.642825][ T30] audit: type=1400 audit(1718610411.368:1035): avc: denied { nlmsg_read } for pid=5508 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 149.676659][ T5514] bpf_get_probe_write_proto: 6 callbacks suppressed [ 149.676702][ T5514] syz-executor.4[5514] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.683249][ T6] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 149.704704][ T5514] syz-executor.4[5514] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.704827][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.724183][ T6] usb 4-1: Product: syz [ 149.759965][ T6] usb 4-1: Manufacturer: syz [ 149.764413][ T6] usb 4-1: SerialNumber: syz [ 149.769445][ T6] r8152-cfgselector 4-1: config 0 descriptor?? [ 149.958973][ T5525] loop1: detected capacity change from 0 to 40427 [ 150.026348][ T5525] F2FS-fs (loop1): Fix alignment : internally, start(4096) end(16896) block(12288) [ 150.035806][ T6] r8152-cfgselector 4-1: Unknown version 0x0000 [ 150.042631][ T5525] F2FS-fs (loop1): invalid crc value [ 150.048057][ T5525] F2FS-fs (loop1): invalid crc value [ 150.053344][ T5525] F2FS-fs (loop1): Failed to get valid F2FS checkpoint [ 150.175200][ T5169] bridge0: port 3(syz_tun) entered disabled state [ 150.190179][ T5169] device syz_tun left promiscuous mode [ 150.206111][ T5169] bridge0: port 3(syz_tun) entered disabled state [ 150.215404][ T5532] loop4: detected capacity change from 0 to 40427 [ 150.219566][ T5525] input: syz0 as /devices/virtual/input/input33 [ 150.231564][ T5525] overlayfs: unrecognized mount option " [ 150.231564][ T5525] B: KEY=10000000000000 0 [ 150.231564][ T5525] [ 150.231564][ T5525] I: Bus=0019 Vendor=0000 Product=0003 Version=0000 [ 150.231564][ T5525] N: Name="Sleep Button" [ 150.231564][ T5525] P: Phys=LNXSLPBN/button/input0 [ 150.231564][ T5525] S: Sysfs=/devices/LNXSYSTM:00/LNXSLPBN:00/input/input1 [ 150.231564][ T5525] U: Uniq= [ 150.231564][ T5525] H: Handlers=kbd event1 [ 150.231564][ T5525] B: PROP=0 [ 150.231564][ T5525] B: EV=3 [ 150.231564][ T5525] B: KEY=4000 0 0 [ 150.231564][ T5525] [ 150.231564][ T5525] I: Bus=0011 Vendor=0001 Product=0001 Version=abba [ 150.231564][ T5525] N: Name="AT Translated Set 2 keyboard" [ 150.231564][ T5525] P: Phys=isa0060/serio0/input0 [ 150.231564][ T5525] S: Sysfs=/devices/platform/i8042/serio0/input/input2 [ 150.231564][ T5525] U: Uniq= [ 150.231564][ T5525] H: Handlers=kbd leds event2 [ 150.231564][ T5525] B: PROP=0 [ 150.231564][ T5525] B: EV=120013 [ 150.334297][ T6] r8152-cfgselector 4-1: Unknown version 0x0000 [ 150.340551][ T6] r8152-cfgselector 4-1: bad CDC descriptors [ 150.347368][ T5532] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 150.354957][ T5532] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 150.365230][ T5541] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.372278][ T6] r8152-cfgselector 4-1: Unknown version 0x0000 [ 150.372742][ T5541] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.385746][ T5541] device bridge_slave_0 entered promiscuous mode [ 150.385837][ T6] r8152-cfgselector 4-1: USB disconnect, device number 16 [ 150.392777][ T5541] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.405746][ T5541] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.412984][ T5541] device bridge_slave_1 entered promiscuous mode [ 150.422646][ T5532] F2FS-fs (loop4): Found nat_bits in checkpoint [ 150.472548][ T5532] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 150.513706][ T5541] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.520565][ T5541] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.527699][ T5541] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.534535][ T5541] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.561502][ T5532] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 150.564797][ T30] audit: type=1400 audit(1718610412.229:1036): avc: denied { ioctl } for pid=5554 comm="syz-executor.0" path="socket:[40127]" dev="sockfs" ino=40127 ioctlcmd=0x8b30 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 150.568464][ T5532] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 150.612471][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 150.621240][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 150.633363][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 150.689274][ T5555] loop0: detected capacity change from 0 to 2048 [ 150.716323][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 150.753730][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 150.793328][ T5020] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 150.793361][ T5020] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 150.841151][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 150.845365][ T5020] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 150.855868][ T5541] device veth0_vlan entered promiscuous mode [ 150.880645][ T5555] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 150.880932][ T5541] device veth1_macvtap entered promiscuous mode [ 150.900773][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 150.919789][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 150.959647][ T30] audit: type=1400 audit(1718610412.594:1037): avc: denied { read } for pid=5554 comm="syz-executor.0" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 150.988880][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 150.996228][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 151.011754][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 151.024228][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 151.045343][ T5566] syz-executor.2[5566] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 151.045399][ T5566] syz-executor.2[5566] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 151.158023][ T5567] loop3: detected capacity change from 0 to 1024 [ 151.235104][ T5567] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 151.436513][ T8] device bridge_slave_1 left promiscuous mode [ 151.450611][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.458378][ T5585] loop1: detected capacity change from 0 to 512 [ 151.478442][ T8] device bridge_slave_0 left promiscuous mode [ 151.500741][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.509056][ T8] device veth1_macvtap left promiscuous mode [ 151.516072][ T8] device veth0_vlan left promiscuous mode [ 151.523555][ T5585] EXT4-fs warning (device loop1): ext4_multi_mount_protect:326: fsck is running on the filesystem [ 151.540015][ T5590] loop4: detected capacity change from 0 to 256 [ 151.548477][ T5585] EXT4-fs warning (device loop1): ext4_multi_mount_protect:326: MMP failure info: last update time: 1669132786, last update node: dvyukov-desk.muc.corp.google.com, last update device: loop4 [ 151.742162][ T5589] loop0: detected capacity change from 0 to 40427 [ 151.763072][ T5604] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 151.789485][ T5589] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 151.820238][ T5589] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 151.876331][ T5589] F2FS-fs (loop0): Found nat_bits in checkpoint [ 151.969311][ T5589] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 151.980929][ T5632] loop3: detected capacity change from 0 to 256 [ 151.990353][ T5589] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 151.997457][ T5589] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 152.026061][ T5632] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x421408f7, utbl_chksum : 0xe619d30d) [ 152.047627][ T5632] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 152.070963][ T30] audit: type=1400 audit(1718610413.641:1038): avc: denied { remove_name } for pid=5631 comm="syz-executor.3" name="file1" dev="loop3" ino=1048673 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 152.114657][ T30] audit: type=1400 audit(1718610413.660:1039): avc: denied { unlink } for pid=5631 comm="syz-executor.3" name="file1" dev="loop3" ino=1048673 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 152.360308][ T5651] loop1: detected capacity change from 0 to 1024 [ 152.451026][ T5651] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 152.503984][ T20] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 152.529031][ T5656] No source specified [ 152.596698][ T5645] loop3: detected capacity change from 0 to 40427 [ 152.677032][ T5645] F2FS-fs (loop3): invalid crc value [ 152.683158][ T5645] F2FS-fs (loop3): Found nat_bits in checkpoint [ 152.711859][ T5645] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 152.990740][ T20] usb 3-1: Using ep0 maxpacket: 16 [ 153.073195][ T5676] attempt to access beyond end of device [ 153.073195][ T5676] loop3: rw=10241, want=45104, limit=40427 [ 153.091892][ T5676] attempt to access beyond end of device [ 153.091892][ T5676] loop3: rw=2049, want=45112, limit=40427 [ 153.304787][ T4793] attempt to access beyond end of device [ 153.304787][ T4793] loop3: rw=2049, want=45120, limit=40427 [ 153.370796][ T20] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 153.381178][ T20] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 153.389897][ T20] usb 3-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 153.424769][ T5680] loop1: detected capacity change from 0 to 40427 [ 153.467412][ T5680] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 153.474973][ T5680] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 153.484119][ T5680] F2FS-fs (loop1): invalid crc value [ 153.490835][ T5680] F2FS-fs (loop1): Found nat_bits in checkpoint [ 153.505475][ T5682] loop3: detected capacity change from 0 to 2048 [ 153.541097][ T5680] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 153.548300][ T5680] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 153.599132][ T5682] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 153.627029][ T20] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 153.659001][ T20] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.666899][ T20] usb 3-1: Product: syz [ 153.671832][ T20] usb 3-1: Manufacturer: syz [ 153.676257][ T20] usb 3-1: SerialNumber: syz [ 154.033221][ T6] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 154.044079][ T20] usb 3-1: 0:2 : does not exist [ 154.050201][ T20] usb 3-1: USB disconnect, device number 19 [ 154.442188][ T5069] attempt to access beyond end of device [ 154.442188][ T5069] loop1: rw=2049, want=45104, limit=40427 [ 154.471496][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 154.621249][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.632101][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.641607][ T6] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 154.655601][ T6] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 154.664554][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.673241][ T6] usb 5-1: config 0 descriptor?? [ 155.104820][ T5729] loop3: detected capacity change from 0 to 65536 [ 155.128693][ T5733] loop0: detected capacity change from 0 to 2048 [ 155.136533][ T5729] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 155.178101][ T6] koneplus 0003:1E7D:2E22.0020: unknown main item tag 0x0 [ 155.185983][ T6] koneplus 0003:1E7D:2E22.0020: hidraw0: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.4-1/input0 [ 155.198585][ T5733] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.409112][ T5737] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 155.417709][ T5737] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 155.425705][ T5737] overlayfs: missing 'lowerdir' [ 155.458554][ T30] audit: type=1400 audit(1718610416.756:1040): avc: denied { mounton } for pid=5728 comm="syz-executor.3" path="/root/syzkaller-testdir1347495543/syzkaller.JUL61d/67/file0/bus" dev="loop3" ino=1048676 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 155.490681][ T5740] No source specified [ 155.508580][ T6] koneplus 0003:1E7D:2E22.0020: couldn't init struct koneplus_device [ 155.516453][ T6] koneplus 0003:1E7D:2E22.0020: couldn't install mouse [ 155.565813][ T5748] device pim6reg1 entered promiscuous mode [ 155.579945][ T6] koneplus: probe of 0003:1E7D:2E22.0020 failed with error -71 [ 155.588326][ T6] usb 5-1: USB disconnect, device number 20 [ 155.659191][ T5756] device sit0 entered promiscuous mode [ 155.689558][ T5763] loop0: detected capacity change from 0 to 256 [ 155.755544][ T5763] exfat: Deprecated parameter 'utf8' [ 155.760878][ T5763] exfat: Deprecated parameter 'utf8' [ 155.774388][ T5763] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 156.091084][ T5784] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 156.116838][ T30] audit: type=1400 audit(1718610417.420:1041): avc: denied { mounton } for pid=5773 comm="syz-executor.0" path="/root/syzkaller-testdir2454658730/syzkaller.9DyK2x/276/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 156.305779][ T5793] loop4: detected capacity change from 0 to 65536 [ 156.367809][ T5793] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 156.470662][ T6] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 157.182461][ T5799] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 157.191029][ T5799] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 157.199114][ T5799] overlayfs: missing 'lowerdir' [ 157.572708][ T5816] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 157.721444][ T314] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 157.828849][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.861168][ T6] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 157.905843][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.947954][ T6] usb 4-1: config 0 descriptor?? [ 158.046914][ T5823] loop0: detected capacity change from 0 to 40427 [ 158.097621][ T5823] F2FS-fs (loop0): invalid crc value [ 158.103803][ T5823] F2FS-fs (loop0): Found nat_bits in checkpoint [ 158.133168][ T5823] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 158.245298][ T314] usb 3-1: Using ep0 maxpacket: 16 [ 158.311815][ T5839] attempt to access beyond end of device [ 158.311815][ T5839] loop0: rw=10241, want=45104, limit=40427 [ 158.327947][ T5839] attempt to access beyond end of device [ 158.327947][ T5839] loop0: rw=2049, want=45112, limit=40427 [ 158.416570][ T314] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.427662][ T314] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.437490][ T314] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 158.450313][ T314] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 158.468683][ T314] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.477276][ T314] usb 3-1: config 0 descriptor?? [ 158.491782][ T6] keytouch 0003:0926:3333.0021: fixing up Keytouch IEC report descriptor [ 158.501087][ T6] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0021/input/input35 [ 158.563702][ T2689] attempt to access beyond end of device [ 158.563702][ T2689] loop0: rw=2049, want=45120, limit=40427 [ 158.596155][ T6] keytouch 0003:0926:3333.0021: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 158.705603][ T5783] UDC core: couldn't find an available UDC or it's busy: -16 [ 158.712800][ T5783] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 158.810586][ T5841] loop4: detected capacity change from 0 to 65536 [ 158.857331][ T5841] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 158.997007][ T314] koneplus 0003:1E7D:2E22.0022: unknown main item tag 0x0 [ 159.061014][ T5855] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 159.069584][ T5855] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 159.077599][ T5855] overlayfs: missing 'lowerdir' [ 159.112150][ T314] koneplus 0003:1E7D:2E22.0022: hidraw1: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.2-1/input0 [ 159.199664][ T3012] usb 4-1: USB disconnect, device number 17 [ 159.228906][ T314] koneplus 0003:1E7D:2E22.0022: couldn't init struct koneplus_device [ 159.236849][ T314] koneplus 0003:1E7D:2E22.0022: couldn't install mouse [ 159.243827][ T314] koneplus: probe of 0003:1E7D:2E22.0022 failed with error -71 [ 159.251900][ T314] usb 3-1: USB disconnect, device number 20 [ 159.657607][ T30] audit: type=1326 audit(1718610420.741:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5865 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 159.681756][ T30] audit: type=1326 audit(1718610420.741:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5865 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 159.705652][ T30] audit: type=1326 audit(1718610420.741:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5865 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 159.730031][ T30] audit: type=1326 audit(1718610420.741:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5865 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 159.769536][ T30] audit: type=1326 audit(1718610420.741:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5865 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 160.009107][ T5880] incfs: Error accessing: ./file0. [ 160.077379][ T5880] incfs: mount failed -20 [ 160.159146][ T5870] loop0: detected capacity change from 0 to 40427 [ 160.173565][ T5870] F2FS-fs (loop0): invalid crc value [ 160.180527][ T5870] F2FS-fs (loop0): Found nat_bits in checkpoint [ 160.209712][ T5870] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 160.324694][ T5909] incfs: Error accessing: ./file0. [ 160.329707][ T5909] incfs: mount failed -20 [ 160.395103][ T5911] attempt to access beyond end of device [ 160.395103][ T5911] loop0: rw=10241, want=45104, limit=40427 [ 160.412635][ T5911] attempt to access beyond end of device [ 160.412635][ T5911] loop0: rw=2049, want=45112, limit=40427 [ 160.458292][ T612] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 160.641462][ T2689] attempt to access beyond end of device [ 160.641462][ T2689] loop0: rw=2049, want=45120, limit=40427 [ 160.843165][ T612] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.854168][ T612] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 160.863019][ T612] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.871449][ T612] usb 2-1: config 0 descriptor?? [ 161.024761][ T5944] loop0: detected capacity change from 0 to 40427 [ 161.035538][ T20] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 161.058961][ T5944] F2FS-fs (loop0): invalid crc value [ 161.065395][ T5944] F2FS-fs (loop0): Found nat_bits in checkpoint [ 161.099245][ T5944] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 161.150670][ T5957] loop2: detected capacity change from 0 to 1024 [ 161.175786][ T5957] EXT4-fs (loop2): Test dummy encryption mode enabled [ 161.182504][ T5957] EXT4-fs (loop2): Test dummy encryption mode enabled [ 161.189149][ T5957] EXT4-fs (loop2): Ignoring removed orlov option [ 161.198309][ T5957] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,dioread_lock,test_dummy_encryption,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 161.226854][ T5957] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 161.286275][ T5963] attempt to access beyond end of device [ 161.286275][ T5963] loop0: rw=10241, want=45104, limit=40427 [ 161.304230][ T5963] attempt to access beyond end of device [ 161.304230][ T5963] loop0: rw=2049, want=45112, limit=40427 [ 161.499940][ T612] keytouch 0003:0926:3333.0023: fixing up Keytouch IEC report descriptor [ 161.509935][ T612] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0023/input/input36 [ 161.538263][ T20] usb 5-1: Using ep0 maxpacket: 16 [ 161.574181][ T30] audit: type=1326 audit(1718610422.528:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5974 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1e4957ea9 code=0x7ffc0000 [ 161.599542][ T612] keytouch 0003:0926:3333.0023: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 161.622740][ T30] audit: type=1326 audit(1718610422.528:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5974 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7ff1e4957ea9 code=0x7ffc0000 [ 161.646735][ T30] audit: type=1326 audit(1718610422.528:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5974 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1e4957ea9 code=0x7ffc0000 [ 161.670690][ T30] audit: type=1326 audit(1718610422.565:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5974 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1e4957ea9 code=0x7ffc0000 [ 161.719846][ T20] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 161.722772][ T5898] UDC core: couldn't find an available UDC or it's busy: -16 [ 161.730117][ T20] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 161.737472][ T5898] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 161.745786][ T20] usb 5-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 161.869508][ T2689] attempt to access beyond end of device [ 161.869508][ T2689] loop0: rw=2049, want=45120, limit=40427 [ 161.922918][ T20] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 161.932509][ T20] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.940469][ T20] usb 5-1: Product: syz [ 161.944506][ T20] usb 5-1: Manufacturer: syz [ 161.944526][ T20] usb 5-1: SerialNumber: syz [ 161.958834][ T5990] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 162.024743][ T6002] loop2: detected capacity change from 0 to 512 [ 162.051822][ T6002] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 162.065385][ T6002] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz-executor.2: invalid block [ 162.077699][ T6002] EXT4-fs (loop2): Remounting filesystem read-only [ 162.084077][ T6002] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 4294967295 (level 1) [ 162.098301][ T6002] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 4294967295 (level 1) [ 162.112635][ T6002] EXT4-fs (loop2): 2 truncates cleaned up [ 162.118190][ T6002] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,errors=remount-ro,dioread_nolock,. Quota mode: writeback. [ 162.153184][ T6002] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1711042110 (109506695040 ns) > initial count (32441559296 ns). Using initial count to start timer. [ 162.171068][ T26] usb 2-1: USB disconnect, device number 24 [ 162.246681][ T6009] EXT4-fs (sda1): re-mounted. Opts: (null). Quota mode: none. [ 162.275731][ T20] usb 5-1: 0:2 : does not exist [ 162.282042][ T20] usb 5-1: USB disconnect, device number 21 [ 162.297081][ T612] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 162.613715][ T6021] loop3: detected capacity change from 0 to 1024 [ 162.640477][ T6021] JBD2: no valid journal superblock found [ 162.646086][ T6021] EXT4-fs (loop3): error loading journal [ 162.713969][ T612] usb 1-1: Using ep0 maxpacket: 16 [ 162.885614][ T6041] EXT4-fs (sda1): re-mounted. Opts: (null). Quota mode: none. [ 162.886017][ T6045] loop1: detected capacity change from 0 to 512 [ 162.901788][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 162.919366][ T6045] EXT4-fs (loop1): orphan cleanup on readonly fs [ 162.926407][ T6045] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 97: padding at end of block bitmap is not set [ 162.942352][ T6045] Quota error (device loop1): write_blk: dquota write failed [ 162.950178][ T6045] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 162.960833][ T6045] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2925: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 162.973437][ T6045] EXT4-fs warning (device loop1): ext4_evict_inode:303: xattr delete (err -117) [ 162.982442][ T6045] EXT4-fs (loop1): 1 orphan inode deleted [ 162.988133][ T380] Quota error (device loop1): remove_tree: Getting block too big (0 >= 6) [ 162.997067][ T6045] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,,errors=continue. Quota mode: writeback. [ 163.011182][ T30] audit: type=1400 audit(1718610423.874:1051): avc: denied { mounton } for pid=6044 comm="syz-executor.1" path="/root/syzkaller-testdir868775152/syzkaller.NNK7Na/66/file0/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 163.011197][ T6045] fuse: Bad value for 'fd' [ 163.013368][ T612] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 163.044447][ T6045] syz-executor.1 (6045) used greatest stack depth: 19856 bytes left [ 163.052653][ T612] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.067915][ T612] usb 1-1: Product: syz [ 163.071862][ T612] usb 1-1: Manufacturer: syz [ 163.076301][ T612] usb 1-1: SerialNumber: syz [ 163.081236][ T612] r8152-cfgselector 1-1: config 0 descriptor?? [ 163.269886][ T26] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 163.301223][ T6079] loop1: detected capacity change from 0 to 256 [ 163.338559][ T30] audit: type=1400 audit(1718610424.174:1052): avc: denied { mounton } for pid=6078 comm="syz-executor.1" path="/root/syzkaller-testdir868775152/syzkaller.NNK7Na/74/file0/bus" dev="loop1" ino=1048685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 163.366231][ T612] r8152-cfgselector 1-1: Unknown version 0x0000 [ 163.419540][ T6079] loop_set_status: loop1 () has still dirty pages (nrpages=1) [ 163.431679][ T5069] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 163.439232][ T5069] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 163.450056][ T5069] bridge0: port 3(syz_tun) entered disabled state [ 163.457482][ T5069] device syz_tun left promiscuous mode [ 163.463278][ T5069] bridge0: port 3(syz_tun) entered disabled state [ 163.526445][ T26] usb 4-1: Using ep0 maxpacket: 16 [ 163.601345][ T612] r8152-cfgselector 1-1: Unknown version 0x0000 [ 163.607575][ T612] r8152-cfgselector 1-1: bad CDC descriptors [ 163.633459][ T612] r8152-cfgselector 1-1: Unknown version 0x0000 [ 163.645065][ T612] r8152-cfgselector 1-1: USB disconnect, device number 18 [ 163.654752][ T26] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 163.654785][ T6083] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.665348][ T26] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 163.671632][ T6083] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.680237][ T26] usb 4-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 163.687731][ T6083] device bridge_slave_0 entered promiscuous mode [ 163.702768][ T6083] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.709736][ T6083] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.716777][ T6083] device bridge_slave_1 entered promiscuous mode [ 163.761211][ T6083] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.768047][ T6083] bridge0: port 2(bridge_slave_1) entered forwarding state [ 163.775163][ T6083] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.781922][ T6083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 163.804645][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 163.812041][ T300] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.819675][ T300] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.837664][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 163.845915][ T300] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.852749][ T300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 163.860120][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 163.868061][ T300] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.874939][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 163.882121][ T26] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 163.891759][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 163.899303][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.907678][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 163.915553][ T26] usb 4-1: Product: syz [ 163.921416][ T26] usb 4-1: Manufacturer: syz [ 163.925889][ T26] usb 4-1: SerialNumber: syz [ 163.928577][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 163.947244][ T6083] device veth0_vlan entered promiscuous mode [ 163.954471][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 163.970809][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 163.978952][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 163.991201][ T6083] device veth1_macvtap entered promiscuous mode [ 163.999118][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 164.007008][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 164.015183][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 164.027557][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 164.035607][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 164.046074][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 164.312286][ T30] audit: type=1400 audit(1718610425.091:1053): avc: denied { call } for pid=6099 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 164.316284][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 164.392455][ T26] usb 4-1: 0:2 : does not exist [ 164.398370][ T8] device bridge_slave_1 left promiscuous mode [ 164.400473][ T26] usb 4-1: USB disconnect, device number 18 [ 164.406829][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.434506][ T8] device bridge_slave_0 left promiscuous mode [ 164.441088][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.460920][ T8] device veth1_macvtap left promiscuous mode [ 164.470936][ T8] device veth0_vlan left promiscuous mode [ 164.629031][ T6128] netlink: 'syz-executor.0': attribute type 17 has an invalid length. [ 164.637060][ T6128] netlink: 'syz-executor.0': attribute type 15 has an invalid length. [ 164.806437][ T6144] loop3: detected capacity change from 0 to 512 [ 164.863579][ T6144] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 164.904028][ T6144] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz-executor.3: invalid block [ 164.930559][ T6144] EXT4-fs (loop3): Remounting filesystem read-only [ 164.941222][ T6144] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz-executor.3: invalid indirect mapped block 4294967295 (level 1) [ 164.973091][ T6144] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz-executor.3: invalid indirect mapped block 4294967295 (level 1) [ 164.991492][ T6144] EXT4-fs (loop3): 2 truncates cleaned up [ 164.997155][ T6144] EXT4-fs (loop3): mounted filesystem without journal. Opts: noauto_da_alloc,errors=remount-ro,dioread_nolock,. Quota mode: writeback. [ 165.052482][ T6144] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1711042110 (109506695040 ns) > initial count (32441559296 ns). Using initial count to start timer. [ 165.487743][ T6182] loop0: detected capacity change from 0 to 1024 [ 165.515933][ T6182] JBD2: no valid journal superblock found [ 165.525749][ T6182] EXT4-fs (loop0): error loading journal [ 165.600435][ T6] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 165.827906][ T6226] bridge: RTM_NEWNEIGH with invalid ether address [ 165.829656][ T6224] loop2: detected capacity change from 0 to 1024 [ 165.890999][ T6224] JBD2: no valid journal superblock found [ 165.898302][ T6224] EXT4-fs (loop2): error loading journal [ 166.049513][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.066708][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.090027][ T6] usb 4-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 166.113296][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.141866][ T6] usb 4-1: config 0 descriptor?? [ 166.180475][ T6240] loop2: detected capacity change from 0 to 512 [ 166.245192][ T6240] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 166.272144][ T6240] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz-executor.2: invalid block [ 166.284779][ T6240] EXT4-fs (loop2): Remounting filesystem read-only [ 166.292997][ T6240] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 4294967295 (level 1) [ 166.313065][ T6240] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 4294967295 (level 1) [ 166.423003][ T6240] EXT4-fs (loop2): 2 truncates cleaned up [ 166.455764][ T6240] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,errors=remount-ro,dioread_nolock,. Quota mode: writeback. [ 166.500811][ T6254] loop1: detected capacity change from 0 to 512 [ 166.517171][ T6240] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1711042110 (109506695040 ns) > initial count (32441559296 ns). Using initial count to start timer. [ 166.538858][ T6254] EXT4-fs (loop1): orphan cleanup on readonly fs [ 166.545797][ T6254] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 97: padding at end of block bitmap is not set [ 166.560920][ T6254] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2925: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 166.573549][ T6254] EXT4-fs warning (device loop1): ext4_evict_inode:303: xattr delete (err -117) [ 166.582739][ T6254] EXT4-fs (loop1): 1 orphan inode deleted [ 166.615013][ T6254] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,,errors=continue. Quota mode: writeback. [ 166.637224][ T6254] fuse: Bad value for 'fd' [ 166.664096][ T6268] loop4: detected capacity change from 0 to 1024 [ 166.689262][ T6] hid-multitouch 0003:0EEF:72D0.0024: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.3-1/input0 [ 166.713327][ T6268] JBD2: no valid journal superblock found [ 166.719071][ T6268] EXT4-fs (loop4): error loading journal [ 166.741438][ T6280] loop2: detected capacity change from 0 to 512 [ 166.774633][ T6288] loop1: detected capacity change from 0 to 512 [ 166.777090][ T6280] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 166.794203][ T6280] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz-executor.2: invalid block [ 166.808211][ T6280] EXT4-fs (loop2): Remounting filesystem read-only [ 166.814773][ T6280] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 4294967295 (level 1) [ 166.818014][ T6288] EXT4-fs (loop1): orphan cleanup on readonly fs [ 166.835089][ T6280] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 4294967295 (level 1) [ 166.837333][ T6288] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 97: padding at end of block bitmap is not set [ 166.859072][ T6280] EXT4-fs (loop2): 2 truncates cleaned up [ 166.865827][ T6288] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2925: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 166.869315][ T6280] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,errors=remount-ro,dioread_nolock,. Quota mode: writeback. [ 166.881515][ T6288] EXT4-fs warning (device loop1): ext4_evict_inode:303: xattr delete (err -117) [ 166.904828][ T6] usb 4-1: USB disconnect, device number 19 [ 166.911154][ T6288] EXT4-fs (loop1): 1 orphan inode deleted [ 166.917224][ T6288] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,,errors=continue. Quota mode: writeback. [ 166.937995][ T6280] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1711042110 (109506695040 ns) > initial count (32441559296 ns). Using initial count to start timer. [ 166.939763][ T6288] fuse: Bad value for 'fd' [ 167.085916][ T6320] loop1: detected capacity change from 0 to 512 [ 167.119704][ T6320] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 167.133339][ T6320] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz-executor.1: invalid block [ 167.145748][ T6320] EXT4-fs (loop1): Remounting filesystem read-only [ 167.152293][ T612] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 167.155015][ T6326] netlink: 'syz-executor.2': attribute type 17 has an invalid length. [ 167.159996][ T6320] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 4294967295 (level 1) [ 167.167737][ T6326] netlink: 'syz-executor.2': attribute type 15 has an invalid length. [ 167.190389][ T6320] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 4294967295 (level 1) [ 167.205083][ T6320] EXT4-fs (loop1): 2 truncates cleaned up [ 167.210705][ T6320] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,errors=remount-ro,dioread_nolock,. Quota mode: writeback. [ 167.251044][ T6320] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1711042110 (109506695040 ns) > initial count (32441559296 ns). Using initial count to start timer. [ 167.567591][ T612] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.584061][ T612] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.598716][ T6354] device pim6reg1 entered promiscuous mode [ 167.604031][ T612] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 167.616535][ T612] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.625884][ T612] usb 5-1: config 0 descriptor?? [ 168.366977][ T6389] device pim6reg1 entered promiscuous mode [ 168.434150][ T612] hid-multitouch 0003:1FD2:6007.0025: unknown main item tag 0x0 [ 168.442133][ T612] hid-multitouch 0003:1FD2:6007.0025: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 168.461001][ T6393] device syzkaller0 entered promiscuous mode [ 169.416812][ T20] usb 5-1: USB disconnect, device number 22 [ 169.448251][ T6412] device pim6reg1 entered promiscuous mode [ 169.482567][ T6418] device pim6reg1 entered promiscuous mode [ 169.542112][ T6422] device syzkaller0 entered promiscuous mode [ 170.010710][ T6457] Invalid ELF header type: 0 != 1 [ 170.036039][ T6460] loop4: detected capacity change from 0 to 256 [ 170.173490][ T6469] loop2: detected capacity change from 0 to 16 [ 170.208907][ T6469] erofs: (device loop2): mounted with root inode @ nid 36. [ 170.218347][ T48] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 170.256641][ T6469] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 170.392061][ T6483] Invalid ELF header type: 0 != 1 [ 170.498151][ T6494] binder_alloc: 6490: binder_alloc_buf failed to map page at 20ffc000 in userspace [ 170.592967][ T300] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 170.647784][ T6498] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 170.978041][ T300] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.024889][ T300] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.044943][ T300] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 171.055647][ T300] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.068451][ T300] usb 2-1: config 0 descriptor?? [ 171.275965][ T6507] loop2: detected capacity change from 0 to 512 [ 171.288501][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 171.288551][ T30] audit: type=1326 audit(1718610431.620:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 171.319236][ T30] audit: type=1326 audit(1718610431.620:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 171.352128][ T6507] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349) [ 171.371807][ T30] audit: type=1326 audit(1718610431.638:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 171.381783][ T6507] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 171.450171][ T6507] System zones: 1-12 [ 171.460200][ T30] audit: type=1326 audit(1718610431.638:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 171.469490][ T6507] EXT4-fs (loop2): orphan cleanup on readonly fs [ 171.484533][ T30] audit: type=1326 audit(1718610431.685:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 171.513967][ T30] audit: type=1326 audit(1718610431.685:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 171.522009][ T6507] EXT4-fs error (device loop2): ext4_read_inode_bitmap:168: comm syz-executor.2: Inode bitmap for bg 0 marked uninitialized [ 171.537866][ T30] audit: type=1326 audit(1718610431.685:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 171.574378][ T30] audit: type=1326 audit(1718610431.685:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 171.598669][ T30] audit: type=1326 audit(1718610431.685:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 171.623358][ T6507] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 171.634578][ T30] audit: type=1326 audit(1718610431.685:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61c2821ea9 code=0x7ffc0000 [ 171.665045][ T300] hid-multitouch 0003:1FD2:6007.0026: unknown main item tag 0x0 [ 171.690743][ T300] hid-multitouch 0003:1FD2:6007.0026: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0 [ 171.876603][ T300] usb 2-1: USB disconnect, device number 25 [ 172.570758][ T613] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 172.689542][ T6601] binder_alloc: 6599: binder_alloc_buf failed to map page at 20ffc000 in userspace [ 172.775544][ T6609] loop2: detected capacity change from 0 to 512 [ 172.819447][ T6609] EXT4-fs (loop2): bad s_want_extra_isize: 11962 [ 172.988698][ T613] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.005535][ T613] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.020484][ T613] usb 5-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00 [ 173.029530][ T613] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.039854][ T613] usb 5-1: config 0 descriptor?? [ 173.066239][ T6615] syz-executor.0[6615] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 173.066578][ T6615] syz-executor.0[6615] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 173.081518][ T6615] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.0'. [ 173.129759][ T6615] device gretap0 entered promiscuous mode [ 173.139042][ T6616] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.0'. [ 173.148456][ T6616] 0ªX¹¦Dö»: renamed from gretap0 [ 173.156338][ T6616] device 00ªX¹¦Dö» left promiscuous mode [ 173.223549][ T6618] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 173.287312][ T612] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 173.597899][ T613] dragonrise 0003:0079:0006.0027: unknown main item tag 0x0 [ 173.605176][ T613] dragonrise 0003:0079:0006.0027: unknown main item tag 0x0 [ 173.612363][ T613] dragonrise 0003:0079:0006.0027: unknown main item tag 0x0 [ 173.619703][ T613] dragonrise 0003:0079:0006.0027: unknown main item tag 0x0 [ 173.626876][ T613] dragonrise 0003:0079:0006.0027: unknown main item tag 0x0 [ 173.634790][ T613] dragonrise 0003:0079:0006.0027: hidraw0: USB HID v0.00 Device [HID 0079:0006] on usb-dummy_hcd.4-1/input0 [ 173.646221][ T613] dragonrise 0003:0079:0006.0027: no inputs found [ 173.652718][ T613] dragonrise 0003:0079:0006.0027: force feedback init failed [ 173.736011][ T612] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.747022][ T612] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.756895][ T612] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 173.766428][ T612] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.823419][ T612] usb 3-1: config 0 descriptor?? [ 173.943861][ T613] usb 5-1: USB disconnect, device number 23 [ 173.966911][ T6638] loop3: detected capacity change from 0 to 512 [ 174.014717][ T6638] EXT4-fs (loop3): bad s_want_extra_isize: 11962 [ 174.031878][ T6642] syz-executor.0[6642] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 174.031926][ T6642] syz-executor.0[6642] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 174.046269][ T6642] netlink: 25 bytes leftover after parsing attributes in process `syz-executor.0'. [ 174.066911][ T6642] device 00ªX¹¦Dö» entered promiscuous mode [ 174.074640][ T6642] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.0'. [ 174.083850][ T6642] 1ªX¹¦Dö»: renamed from 00ªX¹¦Dö» [ 174.089712][ T6642] device 01ªX¹¦Dö» left promiscuous mode [ 174.378203][ T612] hid-multitouch 0003:1FD2:6007.0028: unknown main item tag 0x0 [ 174.386283][ T612] hid-multitouch 0003:1FD2:6007.0028: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0 [ 174.473643][ T39] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 174.537138][ T6660] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 174.570828][ T6665] loop1: detected capacity change from 0 to 256 [ 174.596027][ T612] usb 3-1: USB disconnect, device number 21 [ 174.610458][ T6665] FAT-fs (loop1): Directory bread(block 64) failed [ 174.617195][ T6665] FAT-fs (loop1): Directory bread(block 65) failed [ 174.623566][ T6665] FAT-fs (loop1): Directory bread(block 66) failed [ 174.629863][ T6665] FAT-fs (loop1): Directory bread(block 67) failed [ 174.636325][ T6665] FAT-fs (loop1): Directory bread(block 68) failed [ 174.642646][ T6665] FAT-fs (loop1): Directory bread(block 69) failed [ 174.649017][ T6665] FAT-fs (loop1): Directory bread(block 70) failed [ 174.655407][ T6665] FAT-fs (loop1): Directory bread(block 71) failed [ 174.661674][ T6665] FAT-fs (loop1): Directory bread(block 72) failed [ 174.668011][ T6665] FAT-fs (loop1): Directory bread(block 73) failed [ 174.860229][ T6684] netem: change failed [ 174.890606][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.901320][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.910819][ T39] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 174.919697][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.928022][ T39] usb 4-1: config 0 descriptor?? [ 175.093730][ T6515] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 175.147162][ T612] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 175.575013][ T6515] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.585759][ T6515] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.595268][ T6515] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 175.604174][ T612] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.614801][ T6515] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.622610][ T612] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 175.635581][ T612] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 175.644607][ T6515] usb 2-1: config 0 descriptor?? [ 175.649432][ T612] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.657877][ T612] usb 5-1: config 0 descriptor?? [ 175.991750][ T39] usb 4-1: string descriptor 0 read error: -71 [ 176.013243][ T39] uclogic 0003:256C:006D.0029: failed retrieving string descriptor #200: -71 [ 176.021938][ T39] uclogic 0003:256C:006D.0029: failed retrieving pen parameters: -71 [ 176.029843][ T39] uclogic 0003:256C:006D.0029: failed probing pen v2 parameters: -71 [ 176.047005][ T39] uclogic 0003:256C:006D.0029: failed probing parameters: -71 [ 176.054299][ T39] uclogic: probe of 0003:256C:006D.0029 failed with error -71 [ 176.087603][ T39] usb 4-1: USB disconnect, device number 20 [ 176.108740][ T6695] Bluetooth: hci0: sending frame failed (-49) [ 176.153664][ T6515] hid-multitouch 0003:0EEF:72D0.002A: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.1-1/input0 [ 176.368962][ T39] usb 2-1: USB disconnect, device number 26 [ 177.303253][ T6719] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.310198][ T6719] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.317412][ T6719] device bridge_slave_0 entered promiscuous mode [ 177.324077][ T6719] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.330995][ T6719] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.338091][ T6719] device bridge_slave_1 entered promiscuous mode [ 177.388862][ T6719] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.395717][ T6719] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.402787][ T6719] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.409596][ T6719] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.432172][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.439824][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.446978][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.457673][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.465781][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.472615][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.489445][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.497420][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.504255][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.511462][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.519163][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.533798][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 177.549475][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 177.557706][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 177.565085][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 177.573240][ T6719] device veth0_vlan entered promiscuous mode [ 177.588902][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 177.598794][ T6719] device veth1_macvtap entered promiscuous mode [ 177.613026][ T873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 177.623011][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 177.655149][ T6726] device syzkaller0 entered promiscuous mode [ 177.731953][ T6735] incfs_lookup_dentry err:-13 [ 177.738218][ T6735] binder: BINDER_SET_CONTEXT_MGR already set [ 177.744042][ T6735] binder: 6734:6735 ioctl 40046207 0 returned -16 [ 177.778061][ T45] device bridge_slave_1 left promiscuous mode [ 177.784014][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.791996][ T45] device bridge_slave_0 left promiscuous mode [ 177.797929][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.805902][ T45] device veth1_macvtap left promiscuous mode [ 177.811829][ T45] device veth0_vlan left promiscuous mode [ 177.908169][ T6743] loop1: detected capacity change from 0 to 1024 [ 177.950194][ T6743] EXT4-fs (loop1): Ignoring removed orlov option [ 177.956341][ T6743] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 177.971041][ T6743] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 177.996712][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 177.996725][ T30] audit: type=1400 audit(1718610437.887:1125): avc: denied { map } for pid=6742 comm="syz-executor.1" path="/root/syzkaller-testdir2044784594/syzkaller.SClLMs/4/file1/file0/bus" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 178.014511][ T6743] EXT4-fs error (device loop1): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.1: corrupt xattr in inline inode [ 178.044912][ T20] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 178.045216][ T6743] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.1: corrupted in-inode xattr [ 178.074505][ T30] audit: type=1400 audit(1718610437.962:1126): avc: denied { unlink } for pid=6719 comm="syz-executor.1" name="file1" dev="loop1" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 178.098078][ T6719] ================================================================== [ 178.105949][ T6719] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 178.113759][ T6719] Read of size 4 at addr ffff88812ef44000 by task syz-executor.1/6719 [ 178.121744][ T6719] [ 178.123915][ T6719] CPU: 1 PID: 6719 Comm: syz-executor.1 Not tainted 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 178.133981][ T6719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 178.143885][ T6719] Call Trace: [ 178.147003][ T6719] [ 178.149781][ T6719] dump_stack_lvl+0x151/0x1b7 [ 178.154294][ T6719] ? io_uring_drop_tctx_refs+0x190/0x190 [ 178.159759][ T6719] ? panic+0x751/0x751 [ 178.163667][ T6719] print_address_description+0x87/0x3b0 [ 178.169047][ T6719] kasan_report+0x179/0x1c0 [ 178.173387][ T6719] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 178.178852][ T6719] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 178.184322][ T6719] __asan_report_load4_noabort+0x14/0x20 [ 178.189791][ T6719] ext4_xattr_delete_inode+0xcd0/0xce0 [ 178.195088][ T6719] ? sb_end_intwrite+0x120/0x120 [ 178.199858][ T6719] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 178.205764][ T6719] ? ext4_journal_check_start+0x16c/0x230 [ 178.211316][ T6719] ? __kasan_check_read+0x11/0x20 [ 178.216173][ T6719] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 178.221931][ T6719] ? ext4_evict_inode+0xb8d/0x14e0 [ 178.226849][ T6719] ext4_evict_inode+0xea1/0x14e0 [ 178.231627][ T6719] ? _raw_spin_unlock+0x4d/0x70 [ 178.236312][ T6719] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 178.242037][ T6719] ? _raw_spin_unlock+0x4d/0x70 [ 178.246725][ T6719] ? inode_io_list_del+0x18b/0x1a0 [ 178.251672][ T6719] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 178.257406][ T6719] evict+0x2a3/0x630 [ 178.261137][ T6719] iput+0x63b/0x7e0 [ 178.264781][ T6719] vfs_rmdir+0x359/0x470 [ 178.268857][ T6719] do_rmdir+0x3ab/0x630 [ 178.272850][ T6719] ? d_delete_notify+0x160/0x160 [ 178.277634][ T6719] __x64_sys_unlinkat+0xdf/0xf0 [ 178.282310][ T6719] do_syscall_64+0x3d/0xb0 [ 178.286563][ T6719] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 178.292299][ T6719] RIP: 0033:0x7f70804b2687 [ 178.296547][ T6719] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 178.315985][ T6719] RSP: 002b:00007ffdf046f048 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 178.324242][ T6719] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f70804b2687 [ 178.332045][ T6719] RDX: 0000000000000200 RSI: 00007ffdf04701f0 RDI: 00000000ffffff9c [ 178.339854][ T6719] RBP: 00007f708050f636 R08: 0000000000000000 R09: 0000000000000000 [ 178.347665][ T6719] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffdf04701f0 [ 178.355475][ T6719] R13: 00007f708050f636 R14: 0000000000029c29 R15: 0000000000000007 [ 178.363309][ T6719] [ 178.366154][ T6719] [ 178.368323][ T6719] The buggy address belongs to the page: [ 178.373796][ T6719] page:ffffea0004bbd100 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12ef44 [ 178.383860][ T6719] flags: 0x4000000000000000(zone=1) [ 178.388897][ T6719] raw: 4000000000000000 ffffea0004927a08 ffffea0004b21e48 0000000000000000 [ 178.397319][ T6719] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 178.405729][ T6719] page dumped because: kasan: bad access detected [ 178.411980][ T6719] page_owner tracks the page as freed [ 178.417188][ T6719] page last allocated via order 0, migratetype Movable, gfp_mask 0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 6709, ts 176735335311, free_ts 177568434063 [ 178.432639][ T6719] post_alloc_hook+0x1a3/0x1b0 [ 178.437236][ T6719] prep_new_page+0x1b/0x110 [ 178.441579][ T6719] get_page_from_freelist+0x3550/0x35d0 [ 178.446957][ T6719] __alloc_pages+0x27e/0x8f0 [ 178.451379][ T6719] wp_page_copy+0x1d4/0x1b00 [ 178.455809][ T6719] do_wp_page+0x6fa/0xb60 [ 178.459971][ T6719] handle_pte_fault+0x7c0/0x24d0 [ 178.464747][ T6719] do_handle_mm_fault+0x1ea9/0x23a0 [ 178.469782][ T6719] exc_page_fault+0x3b5/0x830 [ 178.474293][ T6719] asm_exc_page_fault+0x27/0x30 [ 178.478979][ T6719] page last free stack trace: [ 178.483492][ T6719] free_unref_page_prepare+0x7c8/0x7d0 [ 178.488789][ T6719] free_unref_page_list+0x14b/0xa60 [ 178.493820][ T6719] release_pages+0x1310/0x1370 [ 178.498423][ T6719] free_pages_and_swap_cache+0x8a/0xa0 [ 178.503724][ T6719] tlb_flush_mmu+0xd0/0x180 [ 178.508058][ T6719] unmap_page_range+0x1c70/0x1ed0 [ 178.512916][ T6719] unmap_vmas+0x389/0x560 [ 178.517081][ T6719] exit_mmap+0x3e4/0x940 [ 178.521160][ T6719] __mmput+0x95/0x310 [ 178.524980][ T6719] mmput+0x5b/0x170 [ 178.528627][ T6719] do_exit+0xb9c/0x2ca0 [ 178.532616][ T6719] do_group_exit+0x141/0x310 [ 178.537045][ T6719] __x64_sys_exit_group+0x3f/0x40 [ 178.541906][ T6719] do_syscall_64+0x3d/0xb0 [ 178.546159][ T6719] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 178.551886][ T6719] [ 178.554053][ T6719] Memory state around the buggy address: [ 178.559527][ T6719] ffff88812ef43f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.567429][ T6719] ffff88812ef43f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 178.575323][ T6719] >ffff88812ef44000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 178.583219][ T6719] ^ [ 178.587126][ T6719] ffff88812ef44080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 178.595023][ T6719] ffff88812ef44100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2024/06/17 07:47:18 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 178.602919][ T6719] ================================================================== [ 178.610818][ T6719] Disabling lock debugging due to kernel taint [ 178.618075][ T39] Bluetooth: hci0: command 0x1003 tx timeout [ 178.651284][ T6695] Bluetooth: hci0: sending frame failed (-49) [ 178.664530][ T612] usbhid 5-1:0.0: can't add hid device: -71 [ 178.670275][ T612] usbhid: probe of 5-1:0.0 failed with error -71 [ 178.677215][ T5020] bridge0: port 3(syz_tun) entered disabled state [ 178.687457][ T612] usb 5-1: USB disconnect, device number 24 [ 178.698661][ T5020] device syz_tun left promiscuous mode [ 178.703957][ T5020] bridge0: port 3(syz_tun) entered disabled state